Eight Reasons Why US CEOs Care About New EU Privacy Laws

Uploaded on 2016-04-11 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

A major change is on the way in how American companies must handle European citizens’ personal data.

The EU recently rejected Safe Harbor rules that would have allowed US companies to manage EU data under existing US law. Now, new legislation will tighten the rules—and the penalties—significantly, to better protect European citizens’ personal data.

The stakes are being raised considerably for any business dealing with any data on EU citizens. As the EU takes the global lead on ensuring data privacy, the changes coming soon will likely have further reaching implications moving forward. Here are 8 reasons you can’t afford to ignore these new regulations:

One - A new set of rules called Privacy Shield will build on Safe Harbor to add regulation of the US government’s surveillance of non-US individuals’ data, something that has not been covered before. That means that if the government is sniffing your company’s data and surveys EU citizens’ personal identifying information (PII) in the process, your company could be complicit in a Privacy Shield violation, not to mention risk reputation damage.

Two - Privacy Shield provides a new dispute resolution process that permits EU citizens to sue US government agencies if they believe their privacy was infringed upon. While certainly the agency in question is on the hook, your company could be dragged into the process by default.

Three - Even more severe, the proposed General Data Protection Regulation (GDPR) would fully extend the jurisdiction of EU data laws to any companies holding EU citizens’ data.

Four - Failure to comply with GDPR carries potentially enormous penalties—up to 5% of revenue. Again, this doesn’t include potential damage from a tarnished reputation.

Five - GDPR also includes the “right to be forgotten.” Think of this in terms of an Internet expunge—any company which publishes information regarding an EU citizen must have the capability to remove records pertaining to individual citizens upon request, particularly with regard to anything unflattering or potentially damaging.

Six - GDPR also requires rapid mandatory disclosure of data breaches of any size. Not only is meeting the timely disclosure requirements a challenge, but again, the potential damage in the court of public opinion could be great, even in events or cases where no harm comes to those whose data is potentially leaked.

Seven - Most conventional analytics tools require that data be copied onto local physical servers for analysis, and by default, that includes PII. The risk of a breach under these circumstances is significant, to say nothing of the inefficiency of moving these massive amounts of data around. This means that all companies using these tools are at a significant risk, and should be investigating alternative options. For example, data-linking technology allows the customers’ low-level data (including PII) to remain in its original storage for analysis. 

The data is scanned in situ, and only a summary data set is returned to the analytics engine. Native K-anonymity also helps to solve the PII problem by returning to the analytics engine only data clusters large enough to prevent identification of individual users. These features, available in some solutions like BeyondCore, provide a far higher level of protection than typical data masking or other post-processing methods, enabling companies to retain the ability to conduct key data analysis even in the face of these more stringent legal rulings.

Eight - These new privacy enhancements beg the question: how long is it before these same protections are extended to all citizens—EU, US and others? The change in European data handling could very likely usher in a major sea change in data privacy and protections around the world, precipitating a major shift in the way companies must deal with all PII data.

While neither Privacy Shield nor GDPR have been enacted yet, Privacy Shield has been ratified and implementation is forthcoming. Meanwhile, GDPR is still under development, but most experts predict it will go into force in 2018.

In today’s international business market, these new rules will impact virtually every businesses operating in the US and around the world, even those with just a single EU customer. That’s why it’s urgent that companies act now to plan a complete review and audit of their current data privacy, security and compliance policies, including analytics processes, against these new regulatory requirements. 

The stakes are about to get much higher, and only those who stay ahead of the game on compliance will win.

Information-Management:

 

 

« Taliban App Removed From Google Store
Will Capitalism Survive The Robot Revolution? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer

Freshfields Bruckhaus Deringer is a global law firm with a track record of successfully supporting the world's leading corporations, financial institutions and governments.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

Wallarm

Wallarm

Wallarm is the only unified, best-in-class API Security and WAAP (Web App and API Protection) platform to protect your entire API and web application portfolio.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

European Cyber Security Conference

European Cyber Security Conference

EU Cyber Security Conference will debate what Europe’s response to evolving threats in a dynamic global risk landscape should look like and what the next steps for all actors of the ecosystem.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

Human Security

Human Security

Human (formerly White Ops) Bot Mitigation Platform enables complete protection from sophisticated bot attacks across advertising, marketing and cybersecurity.

SAP National Security Services (NS2)

SAP National Security Services (NS2)

SAP NS2 are dedicated to delivering the best of SAP innovation, from cloud to predictive analytics; machine learning to data fusion.

Absa Cybersecurity Academy

Absa Cybersecurity Academy

Absa Cybersecurity Academy is an initiative aimed at empowering marginalised South African youths to become certified cybersecurity specialists.

SHe CISO Exec

SHe CISO Exec

SHe CISO Exec is a sustainable global training and mentoring platform in information security and leadership.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

NANO Corp

NANO Corp

At NANO Corp, we keep your network visible, understandable, operational and secure with state-of-the-art technology.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

Ofcom

Ofcom

Ofcom is the UK's communications regulator. We regulate the TV, radio and video on demand sectors, fixed line telecoms, mobiles, postal services, plus the airwaves over which wireless devices operate.

Chaos Computer Club (CCC)

Chaos Computer Club (CCC)

The Chaos Computer Club is Europe's largest association of hackers.