EU General Data Protection: A Milestone Of The Digital Age

The conventional wisdom is that the recently agreed-upon EU General Data Protection Regulation (GDPR) is the most-lobbied piece of legislation in the history of the European Union.

This law will likely go down as a milestone of the Digital Age, similar to industry-changing laws like the Clean Water Act or the Clean Air Act in the United States.

Just as new laws and regulations were needed to address the consequences of the Industrial Revolution, the European Union has responded to the privacy concerns presented by the Digital Revolution with a law that attempts to apply new order to the complexity of data in society.

Like most laws born of intense compromise, everyone will likely find fault with it. Privacy advocates will say it doesn’t go far enough in its risk-based approach to protect human rights. Industry voices will say it stands to cripple innovation and will consign Europe to a digital island.

Despite these differing opinions, the message to the global information economy is clear: It is time to get to work on the tough tasks of understanding and, eventually, complying with the GDPR.

Virtually every company doing business in the European Union has some challenging months ahead. Companies will need to figure out how to create a data breach response plan that both evaluates the risk of harm to consumers and still allows for regulators to be notified within 72 hours of discovery if that risk is deemed to be great.

Social media and other companies serving teen audiences will need to decide on a good way to acquire parental permission to gather the data of children. Every company will need to create systems for the demonstration of compliance with the law upon demand by regulators.

Much of this work will fall to the privacy profession. The GDPR mandates the appointment of a “data protection officer” (a DPO), a term that might be foreign to US ears. These DPOs are privacy professionals, and they’ve been proliferating around the world lately.

The new regulation requires DPOs for many companies, particularly those that handle sensitive data like biometrics or health information, but also those that make building profiles of their customers integral to their business plans. The good news is that you’ll have three years from this spring to put one in place — but the work of compliance will likely require a privacy professional in your organization far ahead of that deadline.

The potentially more challenging news is that privacy professionals are already in high demand, and will likely be even harder to find in the coming years. Training from within may be the most viable solution as companies struggle to find staff for these functions.

Without question, we will continue to see a public policy debate over many of the provisions of the GDPR. European regulators will create reams of analysis and guidance on the new regulation. Businesses will define best practices within industries and negotiate the new, risk-filled terrain of compliance. Customers will continue to demand innovative technologies that improve their lives, while at the same time expecting even greater respect for their privacy.

In this manner, the GDPR represents not a destination, but an important milestone — a marker that indicates how far we have come and how far we still have to go. Or perhaps the GDPR is more like another type of road sign: “Caution, Work Ahead.”

TechCrunch

 
