GDPR comes into effect on Friday, 25-May. What does it mean globally? Um…we’re not really sure.
The intention is to help push control of your data back to you.
In order to accomplish that, GDPR contains two tiers of penalties. The big one is for negligence in protecting the data (up to 4% of your global annual turnover or €20 million, whichever is higher) and the “smaller” is for failure to notify the regulators and affected people after a breach (up to 2% or €10 million, whichever is higher).
Both of these fines are designed to shift the risk calculus in favour of privacy and security BY DESIGN.
It’s going to be a very interesting next few months…
Apparently the FBI misrepresented the number of devices they can’t access due to encryption by up to a factor of 6x. This is most likely due to clerical error and a lack of actual statistics rather than malicious intent.
But it does bring up the bigger issue of statistics and data tracking in security. Most organizations struggle to find and track meaningful security data. So how do they make informed, evidence-based decisions?
GDPR comes into effect tomorrow and one of its biggest advantages is how it will force companies to actually manage their data…well, at least personally identifiable information.
This will be a massive boost to security programs: once we know what the data is worth to the organization, we can finally make informed decisions about how much effort goes into protecting it.
It won’t be an easy road but it is definitely one worth traveling.
GDPR is now the law of the land in the EU. Did everything change overnight?
No. But the process has kicked off, with advocates filing GDPR complaints on day one, starting the 30-day clock for responses in each case.
It’s going to be a very interesting summer…