Eight Reasons Why US CEOs Care About New EU Privacy Laws

Uploaded on 2016-04-11 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

A major change is on the way in how American companies must handle European citizens’ personal data.

The EU recently rejected Safe Harbor rules that would have allowed US companies to manage EU data under existing US law. Now, new legislation will tighten the rules—and the penalties—significantly, to better protect European citizens’ personal data.

The stakes are being raised considerably for any business dealing with any data on EU citizens. As the EU takes the global lead on ensuring data privacy, the changes coming soon will likely have further reaching implications moving forward. Here are 8 reasons you can’t afford to ignore these new regulations:

One - A new set of rules called Privacy Shield will build on Safe Harbor to add regulation of the US government’s surveillance of non-US individuals’ data, something that has not been covered before. That means that if the government is sniffing your company’s data and surveys EU citizens’ personal identifying information (PII) in the process, your company could be complicit in a Privacy Shield violation, not to mention risk reputation damage.

Two - Privacy Shield provides a new dispute resolution process that permits EU citizens to sue US government agencies if they believe their privacy was infringed upon. While certainly the agency in question is on the hook, your company could be dragged into the process by default.

Three - Even more severe, the proposed General Data Protection Regulation (GDPR) would fully extend the jurisdiction of EU data laws to any companies holding EU citizens’ data.

Four - Failure to comply with GDPR carries potentially enormous penalties—up to 5% of revenue. Again, this doesn’t include potential damage from a tarnished reputation.

Five - GDPR also includes the “right to be forgotten.” Think of this in terms of an Internet expunge—any company which publishes information regarding an EU citizen must have the capability to remove records pertaining to individual citizens upon request, particularly with regard to anything unflattering or potentially damaging.

Six - GDPR also requires rapid mandatory disclosure of data breaches of any size. Not only is meeting the timely disclosure requirements a challenge, but again, the potential damage in the court of public opinion could be great, even in events or cases where no harm comes to those whose data is potentially leaked.

Seven - Most conventional analytics tools require that data be copied onto local physical servers for analysis, and by default, that includes PII. The risk of a breach under these circumstances is significant, to say nothing of the inefficiency of moving these massive amounts of data around. This means that all companies using these tools are at a significant risk, and should be investigating alternative options. For example, data-linking technology allows the customers’ low-level data (including PII) to remain in its original storage for analysis. 

The data is scanned in situ, and only a summary data set is returned to the analytics engine. Native K-anonymity also helps to solve the PII problem by returning to the analytics engine only data clusters large enough to prevent identification of individual users. These features, available in some solutions like BeyondCore, provide a far higher level of protection than typical data masking or other post-processing methods, enabling companies to retain the ability to conduct key data analysis even in the face of these more stringent legal rulings.

Eight - These new privacy enhancements beg the question: how long is it before these same protections are extended to all citizens—EU, US and others? The change in European data handling could very likely usher in a major sea change in data privacy and protections around the world, precipitating a major shift in the way companies must deal with all PII data.

While neither Privacy Shield nor GDPR have been enacted yet, Privacy Shield has been ratified and implementation is forthcoming. Meanwhile, GDPR is still under development, but most experts predict it will go into force in 2018.

In today’s international business market, these new rules will impact virtually every businesses operating in the US and around the world, even those with just a single EU customer. That’s why it’s urgent that companies act now to plan a complete review and audit of their current data privacy, security and compliance policies, including analytics processes, against these new regulatory requirements. 

The stakes are about to get much higher, and only those who stay ahead of the game on compliance will win.

Information-Management:

 

 

« Taliban App Removed From Google Store
Will Capitalism Survive The Robot Revolution? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

Zeguro

Zeguro

Zeguro provides complete cybersecurity risk assessment, mitigation and insurance, allowing you to easily manage your cyber risk.

Joint Accreditation System of Australia and New Zealand (JASANZ)

Joint Accreditation System of Australia and New Zealand (JASANZ)

JASANZ is the joint national accreditation body for Australia and New Zealand. The directory of members provides details of organisations offering certification services for ISO 27001.

bluedog Security Monitoring

bluedog Security Monitoring

Sentinel from bluedog provides powerful and affordable internal network monitoring.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

NJVC

NJVC

NJVC delivers IT automation, optimization and security to empower mission-enabling IT for customers with secure requirements.

Phakamo Tech

Phakamo Tech

Phakamo Tech offers a full set of governance, risk, compliance, cybersecurity and Microsoft Cloud services that include consulting, planning, implementation and cyber incident response.

Luta Security

Luta Security

Luta Security implements a holistic approach to advance the security maturity of governments and organizations around the world.

Veriti

Veriti

Veriti is a unified security posture management platform that integrates with your security solutions and proactively identifies and remediates potential risks and misconfigurations.

VicOne

VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry.

dWallet Labs

dWallet Labs

dWallet Labs is a cybersecurity company specializing in blockchain technology. We believe that the future of Web3 relies on cutting edge cryptography and unabated security.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

OpenAI

OpenAI

OpenAI is an AI research and deployment company dedicated to ensuring that general-purpose artificial intelligence benefits all of humanity.

Corix Partners

Corix Partners

Corix Partners is a Boutique Management Consultancy Firm focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation and Governance challenges.