When I was young “identity theft” didn’t have a name, and was something that only happened in TV series re-runs of “Mission Impossible” or “The Man from U.N.C.L.E.” But it seems a lot has changed since these days, with the likes of Facebook and Google now potentially knowing more about us then our own family.
Today we need to be extra careful with our own personal information and the digital footprints we make. In the wrong hands it can unlock the doors to the many things we do online today; banking, shopping, subscriptions, the list goes on.
Thankfully most companies and Governments are doing their bit to keep our personal information safe as well as keeping us informed, if we care to listen. Did you know for example there is even a national “Data Protection Day” on 28th January, which raises awareness and promotes privacy and data protection best practices.
Far bigger than that this year however is the European General Data Protection Regulation (GDPR), which comes into effect on 25th May this year.
GDPR is a new regulation which will affect any organisation, regardless where they are based, that processes personal data from EU residents. It calls for greater transparency and increased accountability on these organisations and it is grabbing headlines as the regulation imposes large sanctions for those found to be in violation. With maximum fines of 4% of global revenue or 20 million euros (whichever is greater), it could even stop organisations from processing data altogether.
This new regulation will give enhanced rights to EU citizens allowing them to request what personal data is being stored about them and why. It will be an interesting time for many companies, particularly those looking to capitalise on the Internet of Things (IoT), who will really have to think about the personal data they have, what they need to process it and how long they need to keep it for.
GDPR will require an intricate understanding of the many disparate data sources inside and outside of an organisation, ensuring the correct policies and procedures, training and technology are all in place to protect, manage and monitor that data in the run up to 25th May and beyond.
Reputable and forward-thinking organisations will take an open and transparent approach to GDPR. In the analytics economy, leaders will be better data custodians, building the next level of trust, gaining the proper consent so that they can use the personal data they need to provide the product or service. And individuals will be open to share if they see value.
When it comes to our personal data at least things are changing, and they are changing for the better.
[su_box title=”About Adam Mayer” style=”noise” box_color=”#336588″][short_info id=’104744′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.