As GDPR approaches its third anniversary, it’s important to look at the uncertainty Covid-19 has caused and how it has forced businesses to adapt their data rules.

Adrien Gendre , Chief Product Officer and Co-Founder
InfoSec Expert
May 26, 2021 1:59 pm

The third anniversary of the GDPR is an opportunity for companies to reflect on cybersecurity and how they are ensuring the safety of customers’ or clients’ data.

It’s worth remembering that emails are hackers’ preferred method of attack, meaning that organisations need to make sure they are protected against phishing and other email-related threats.

The GDPR changed the world forever, setting out two standards that companies must now adhere to. The first is ‘Privacy By Design’, which means any new process must be designed through the lens of cybersecurity, and ‘Privacy by Default’, which states that any stored data must protect personal data.

On the third anniversary of the revolutionary GDPR, companies should remember the need to safeguard data. The first step in doing this is to teach staff to recognise dangerous emails. Education should also be combined with the very best email security systems. No company can afford to fall foul of the GDPR, both in financial and reputational terms. Organisations have a moral duty to keep data safe, as well as a legal obligation.

David Sygula , Senior Cybersecurity Analyst
InfoSec Expert
May 25, 2021 12:07 pm

What initially seemed to be a real labyrinth, straight out of Brussels bureaucracy, had a major impact on people’s life and privacy.

Europe positioned itself as a true pioneer to protect individuals, now followed by many states and countries around the world, take California and New York as an example. Three years after, there’s still improvement to be made to the overall framework, but it’s now down to the countries to strengthen enforcement of the regulations.

From a business standpoint, it was a stress test (possibly the same magnitude as what the banks had to go through during the financial crisis). But when that stress test is passed, they become bulletproof for global markets, and for the US specifically where massive class actions lead to reputation harm and humongous financial losses. Sometimes even greater than the 4% turnover fines that are part of GDPR sanctions.

Protecting data of both individuals and corporations is paramount, making sure they stay safe, before sensitive information falls into the wrong hands and impacts our daily lives. We must not forget, cybersecurity has significant real world consequences.

John Smith , EMEA CTO
InfoSec Expert
May 25, 2021 12:05 pm

Since GDPR was introduced three years ago, we’ve seen a number of technology advancements impact the security landscape. More recently, the rapid adoption of these innovations in combination with accelerated cloud adoption brought on by the pandemic has brought to light a new challenge – data residency – as applications in the cloud have typically been hosted outside the EU. By providing cloud-native software security testing with EU data residency, we enable EU customers to address regulatory and organisational requirements while continuing to deliver secure software quickly and easily.

On this anniversary of GDPR, it is important to recognise the impact of the changing landscape on developers who must continue to innovate and create applications. To ensure data is protected, collaboration between security experts, developers and security champions is integral to the success of any application security programme. GDPR fines have the potential to increase as the number of ways to violate the data protection rules multiply, so employing secure coding best practices from the outset is paramount.

Ramsés Gallego , Security, Risk & Governance International Director
InfoSec Expert
May 25, 2021 12:04 pm

On the third anniversary of the implementation of the GDPR, we can confidently say that the regulation is here to stay. Ultimately, data belongs to people and any technique that reinforces that approach – including encryption, tokenisation, data scrambling, data hiding, anonymization, among others – represents a fundamental step to protect small quantities of data that, when aggregated, become information.

In this cloud epoch, where data moves between cloud environments, effective data protection regulation is critical. Understanding where data lives, in all its forms and platforms, provides unparalleled control and visibility when it comes to managing both structured and unstructured data sets. This was the aspiration of the GDPR when it was created. Now, more than ever, technology and legislation represent the opportunity to achieve an overarching governance umbrella for how information is discovered, identified, classified and protected. That’s the ultimate goal.

While it’s down to the European Data Protection Board (EDPB) to ensure that the law is being interpreted in the correct manner and provide essential guidance, businesses also have a key role to play in upholding the regulation. Keeping data safe, however, has never been more challenging than over the last year. The mass move to remote working caused by the pandemic meant that businesses had to shift to digital-first approaches virtually overnight. The resulting distributed infrastructure has created new attack vectors for cybercriminals – and, in turn, a greater potential for damaging data breaches.

Within this new reality, becoming cyber resilient is a business necessity. Organisations should make extensive plans to effectively prepare for, respond to and recover from cyber threats. Amid a constantly evolving threat landscape, made even more complex by the global pandemic, protecting against data breaches requires building a road map to cyber resiliency. This way, organisations can ensure they are in the best position to safeguard sensitive information and continue to comply with data privacy regulation such as the GDPR.

Matt Lock , Technical Director
InfoSec Expert
May 25, 2021 11:58 am

The GDPR changed the way that companies collect and manage personal data forever. After a relatively slow start, it’s starting to bite hard.

In the past year, the number of fines has increased by more than one-third, amounting to a total of 158.5 million ($191.5 million). Google faced the biggest fine in GDPR history and was stung for €50 million ($56.6 million) following an appeal hearing in March 2020.

Enforcement of the GDPR took a while to ramp up, with data protection bodies like Britain’s ICO putting investigations on hold during the pandemic. But we’re now seeing increased enforcement action, which should remind organisations of their duties to keep data safe.

The past year has been something of a Wild West for data protection. When staff were sent home to work armed with a laptop and various collaboration tools, data security was often treated as secondary to convenience. This is an unsustainable situation and can lead to dangerous overexposure. Organisations must remember that there are consequences to making mistakes with data.

Expensive slip-ups are very easy to make, particularly in an era where sensitive data is stored in the cloud and accessible via vast numbers of endpoints in insecure settings.

The birthday of the GDPR will not be a happy occasion for organisations that fail to treat data carefully.

Information Security Buzz