EU General Data Protection: A Milestone Of The Digital Age

The conventional wisdom is that the recently agreed-upon EU General Data Protection Regulation (GDPR) is the most-lobbied piece of legislation in the history of the European Union.

This law will likely go down as a milestone of the Digital Age, similar to industry-changing laws like the Clean Water Act or the Clean Air Act in the United States.

Just as new laws and regulations were needed to address the consequences of the Industrial Revolution, the European Union has responded to the privacy concerns presented by the Digital Revolution with a law that attempts to apply new order to the complexity of data in society.

Like most laws born of intense compromise, everyone will likely find fault with it. Privacy advocates will say it doesn’t go far enough in its risk-based approach to protect human rights. Industry voices will say it stands to cripple innovation and will consign Europe to a digital island.

Despite these differing opinions, the message to the global information economy is clear: It is time to get to work on the tough tasks of understanding and, eventually, complying with the GDPR.

Virtually every company doing business in the European Union has some challenging months ahead. Companies will need to figure out how to create a data breach response plan that both evaluates the risk of harm to consumers and still allows for regulators to be notified within 72 hours of discovery if that risk is deemed to be great.

Social media and other companies serving teen audiences will need to decide on a good way to acquire parental permission to gather the data of children. Every company will need to create systems for the demonstration of compliance with the law upon demand by regulators.

Much of this work will fall to the privacy profession. The GDPR mandates the appointment of a “data protection officer” (a DPO), a term that might be foreign to US ears. These DPOs are privacy professionals, and they’ve been proliferating around the world lately.

The new regulation requires DPOs for many companies, particularly those that handle sensitive data like biometrics or health information, but also those that make building profiles of their customers integral to their business plans. The good news is that you’ll have three years from this spring to put one in place — but the work of compliance will likely require a privacy professional in your organization far ahead of that deadline.

The potentially more challenging news is that privacy professionals are already in high demand, and will likely be even harder to find in the coming years. Training from within may be the most viable solution as companies struggle to find staff for these functions.

Without question, we will continue to see a public policy debate over many of the provisions of the GDPR. European regulators will create reams of analysis and guidance on the new regulation. Businesses will define best practices within industries and negotiate the new, risk-filled terrain of compliance. Customers will continue to demand innovative technologies that improve their lives, while at the same time expecting even greater respect for their privacy.

In this manner, the GDPR represents not a destination, but an important milestone — a marker that indicates how far we have come and how far we still have to go. Or perhaps the GDPR is more like another type of road sign: “Caution, Work Ahead.”

TechCrunch

 
