GDPR: ground zero for a more trusted, secure internet
Most of us have been bombarded recently by a barrage of emails from companies begging us to “stay in touch” or “opt in” or informing us of a “policy update”. On May 25, an historic date for the internet, the EU’s General Data Protection Regulation (GDPR) came into force. For some, it is the start of a more citizen-focused world, for others it will see the collapse of their digital marketing strategy.

The number and scope of serious data breaches have dramatically increased in the last few years. In 2013, around three billion Yahoo user accounts were affected by a hacking attack. Recently it was revealed that 143m customers of the credit score agency Equifax were hit by a similar breach. And on top of this, we see breaches of privacy in the mass harvesting of data from Cloud service providers, as highlighted by the Facebook/Cambridge Analytica debacle. No wonder there is an increasing lack of trust in how companies capture and process our data.
A new dawn

GDPR replaces the EU’s 1995 Data Protection Directive, which set out minimum standards for processing data. With the new regulations, individuals are afforded the power to compel companies to reveal (or delete) any personal data they hold, and failure to adhere to the new rules will result in stiff penalties, with a maximum fine of 4% of a company’s turnover. For a company like Facebook, this could mean around US$1.6 billion. Many companies already work within audit/compliance regimes. In the finance industry, for example, this is typically the Payment Card Industry Data Security Standard (PCI-DSS). But these regulations have often failed to stem the tide of data breaches within companies, necessitating more robust standards. At the core of GDPR there are four foundation elements:
Consent and how your data is used

As GDPR ensures that consent is explicit, the days of consent by default are over, and the need for users to opt out of mailing lists will become a thing of the past. Individuals have the right to withhold consent, request access to their personal information or delete it altogether from a site. Currently the general feeling is that few users are actually following up on the consent request emails, which means companies may experience problems with their current digital marketing strategies, as they see their contact lists collapse.
Response to breaches

In the past, companies have failed to respond promptly to data breaches, especially in the time taken to inform users, and are guilty of being vague about what they report. GDPR aims to overcome this by forcing companies to report within 72 hours, and have faster methods of investigating a breach. This is likely to see the rise of 24/7 security operation centres (SOCs) which continually monitor the data infrastructure for signs of a breach. With the current average time to detect a data breach measured in months, this will be a significant challenge for many companies.