As GDPR approaches its third anniversary, it’s important to look at the uncertainty Covid-19 has caused and how it has forced businesses to adapt their data rules.
<p><span lang="EN-US">The third anniversary of the GDPR is an opportunity for companies to reflect on cybersecurity and how they are ensuring the safety of customers’ or clients’ data.</span></p>
<p><span lang="EN-US">It’s worth remembering that emails are hackers’ preferred method of attack, meaning that organisations need to make sure they are protected against phishing and other email-related threats.</span></p>
<p><span lang="EN-US">The GDPR changed the world forever, setting out two standards that companies must now adhere to. The first is ‘Privacy By Design’, which means any new process must be designed through the lens of cybersecurity, and ‘Privacy by Default’, which states that any stored data must protect personal data.</span></p>
<p><span lang="EN-US">On the third anniversary of the revolutionary GDPR, companies should remember the need to safeguard data. The first step in doing this is to teach staff to recognise dangerous emails. Education should also be combined with the very best email security systems. No company can afford to fall foul of the GDPR, both in financial and reputational terms. Organisations have a moral duty to keep data safe, as well as a legal obligation.</span></p>
<p><span lang="EN-US">What initially seemed to be a real labyrinth, straight out of Brussels bureaucracy, had a major impact on people’s lives and privacy.</span></p>
<p><span lang="EN-US">Europe positioned itself as a true pioneer to protect individuals, now followed by many states and countries around the world, take California and New York as an example. Three years after, there’s still improvement to be made to the overall framework, but it’s now down to the countries to strengthen enforcement of the regulations.</span></p>
<p><span lang="EN-US">From a business standpoint, it was a stress test (possibly the same magnitude as what the banks had to go through during the financial crisis). But when that stress test is passed, they become bulletproof for global markets, and for the US specifically where massive class actions lead to reputation harm and humongous financial losses. Sometimes even greater than the 4% turnover fines that are part of GDPR sanctions.</span></p>
<p><span lang="EN-US">Protecting data of both individuals and corporations is paramount, making sure they stay safe, before sensitive information falls into the wrong hands and impacts our daily lives. We must not forget, cybersecurity has significant real-world consequences.</span></p>
<p>Since GDPR was introduced three years ago, we’ve seen a number of technology advancements impact the security landscape. More recently, the rapid adoption of these innovations in combination with accelerated cloud adoption brought on by the pandemic has brought to light a new challenge – data residency – as applications in the cloud have typically been hosted outside the EU. By providing cloud-native software security testing with EU data residency, we enable EU customers to address regulatory and organisational requirements while continuing to deliver secure software quickly and easily.</p>
<p>On this anniversary of GDPR, it is important to recognise the impact of the changing landscape on developers who must continue to innovate and create applications. To ensure data is protected, collaboration between security experts, developers and security champions is integral to the success of any application security programme. GDPR fines have the potential to increase as the number of ways to violate the data protection rules multiplies, so employing secure coding best practices from the outset is paramount.</p>
<p>On the third anniversary of the implementation of the GDPR, we can confidently say that the regulation is here to stay. Ultimately, data belongs to people and any technique that reinforces that approach – including encryption, tokenisation, data scrambling, data hiding, anonymization, among others – represents a fundamental step to protect small quantities of data that, when aggregated, become information.</p>
<p>In this cloud epoch, where data moves between cloud environments, effective data protection regulation is critical. Understanding where data lives, in all its forms and platforms, provides unparalleled control and visibility when it comes to managing both structured and unstructured data sets. This was the aspiration of the GDPR when it was created. Now, more than ever, technology and legislation represent the opportunity to achieve an overarching governance umbrella for how information is discovered, identified, classified and protected. That’s the ultimate goal.</p>
<p>While it’s down to the European Data Protection Board (EDPB) to ensure that the law is being interpreted in the correct manner and provide essential guidance, businesses also have a key role to play in upholding the regulation. Keeping data safe, however, has never been more challenging than over the last year. The mass move to remote working caused by the pandemic meant that businesses had to shift to digital-first approaches virtually overnight. The resulting distributed infrastructure has created new attack vectors for cybercriminals – and, in turn, a greater potential for damaging data breaches.</p>
<p>Within this new reality, becoming cyber resilient is a business necessity. Organisations should make extensive plans to effectively prepare for, respond to and recover from cyber threats. Amid a constantly evolving threat landscape, made even more complex by the global pandemic, protecting against data breaches requires building a road map to cyber resiliency. This way, organisations can ensure they are in the best position to safeguard sensitive information and continue to comply with data privacy regulation such as the GDPR.</p>
<p><span lang="EN-US">The GDPR changed the way that companies collect and manage personal data forever. After a relatively slow start, it’s starting to bite hard.</span></p>
<p><span lang="EN-US">In the past year, the number of fines has </span><a href="https://urldefense.com/v3/__https:/www.tessian.com/blog/biggest-gdpr-fines-2020/__;!!PowQjtoeD4s!3-Z1Z7tbdM3TKNAAaqiBLaxX-G37jnOwQUc3NvhvqZJSY7KAav9CzSVC4mkj$" target="_blank" rel="noopener"><span lang="EN-US">increased by more than one-third</span></a><span lang="EN-US">, amounting to a total of 158.5 million ($191.5 million). Google faced the biggest fine in GDPR history and was stung for €50 million ($56.6 million) following an appeal hearing in March 2020.</span></p>
<p><span lang="EN-US">Enforcement of the GDPR took a while to ramp up, with data protection bodies like Britain’s ICO putting investigations on hold during the pandemic. But we’re now seeing increased enforcement action, which should remind organisations of their duties to keep data safe.</span></p>
<p><span lang="EN-US">The past year has been something of a Wild West for data protection. When staff were sent home to work armed with a laptop and various collaboration tools, data security was often treated as secondary to convenience. This is an unsustainable situation and can lead to dangerous overexposure. Organisations must remember that there are consequences to making mistakes with data.</span></p>
<p><span lang="EN-US">Expensive slip-ups are very easy to make, particularly in an era where sensitive data is stored in the cloud and accessible via vast numbers of endpoints in insecure settings.</span></p>
<p><span lang="EN-US">The birthday of the GDPR will not be a happy occasion for organisations that fail to treat data carefully.</span></p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.