Eight Reasons Why US CEOs Care About New EU Privacy Laws

Uploaded on 2016-04-11 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

A major change is on the way in how American companies must handle European citizens’ personal data.

The EU recently rejected Safe Harbor rules that would have allowed US companies to manage EU data under existing US law. Now, new legislation will tighten the rules—and the penalties—significantly, to better protect European citizens’ personal data.

The stakes are being raised considerably for any business dealing with any data on EU citizens. As the EU takes the global lead on ensuring data privacy, the changes coming soon will likely have further reaching implications moving forward. Here are 8 reasons you can’t afford to ignore these new regulations:

One - A new set of rules called Privacy Shield will build on Safe Harbor to add regulation of the US government’s surveillance of non-US individuals’ data, something that has not been covered before. That means that if the government is sniffing your company’s data and surveys EU citizens’ personal identifying information (PII) in the process, your company could be complicit in a Privacy Shield violation, not to mention risk reputation damage.

Two - Privacy Shield provides a new dispute resolution process that permits EU citizens to sue US government agencies if they believe their privacy was infringed upon. While certainly the agency in question is on the hook, your company could be dragged into the process by default.

Three - Even more severe, the proposed General Data Protection Regulation (GDPR) would fully extend the jurisdiction of EU data laws to any companies holding EU citizens’ data.

Four - Failure to comply with GDPR carries potentially enormous penalties—up to 5% of revenue. Again, this doesn’t include potential damage from a tarnished reputation.

Five - GDPR also includes the “right to be forgotten.” Think of this in terms of an Internet expunge—any company which publishes information regarding an EU citizen must have the capability to remove records pertaining to individual citizens upon request, particularly with regard to anything unflattering or potentially damaging.

Six - GDPR also requires rapid mandatory disclosure of data breaches of any size. Not only is meeting the timely disclosure requirements a challenge, but again, the potential damage in the court of public opinion could be great, even in events or cases where no harm comes to those whose data is potentially leaked.

Seven - Most conventional analytics tools require that data be copied onto local physical servers for analysis, and by default, that includes PII. The risk of a breach under these circumstances is significant, to say nothing of the inefficiency of moving these massive amounts of data around. This means that all companies using these tools are at a significant risk, and should be investigating alternative options. For example, data-linking technology allows the customers’ low-level data (including PII) to remain in its original storage for analysis. 

The data is scanned in situ, and only a summary data set is returned to the analytics engine. Native K-anonymity also helps to solve the PII problem by returning to the analytics engine only data clusters large enough to prevent identification of individual users. These features, available in some solutions like BeyondCore, provide a far higher level of protection than typical data masking or other post-processing methods, enabling companies to retain the ability to conduct key data analysis even in the face of these more stringent legal rulings.

Eight - These new privacy enhancements beg the question: how long is it before these same protections are extended to all citizens—EU, US and others? The change in European data handling could very likely usher in a major sea change in data privacy and protections around the world, precipitating a major shift in the way companies must deal with all PII data.

While neither Privacy Shield nor GDPR have been enacted yet, Privacy Shield has been ratified and implementation is forthcoming. Meanwhile, GDPR is still under development, but most experts predict it will go into force in 2018.

In today’s international business market, these new rules will impact virtually every businesses operating in the US and around the world, even those with just a single EU customer. That’s why it’s urgent that companies act now to plan a complete review and audit of their current data privacy, security and compliance policies, including analytics processes, against these new regulatory requirements. 

The stakes are about to get much higher, and only those who stay ahead of the game on compliance will win.

Information-Management:

 

 

« Taliban App Removed From Google Store
Will Capitalism Survive The Robot Revolution? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Atos

Atos

Atos provides a unique Cyber Security end to end solution with a data-centric and pre-emptive security approach.

OpenSphere

OpenSphere

OpenSphere is an IT company providing security consultancy, information system risk management and security management services.

Early Warning Services

Early Warning Services

Early Warning is committed to providing awareness, education, and enablement around fraud prevention.

Fortra

Fortra

Fortra (formerly HelpSystems) is your cybersecurity ally, unified through the mission of providing solutions to organizations' seemingly unsolvable cybersecurity problems.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Greenwave Systems

Greenwave Systems

Greenwave's AXON Platform enables IoT and M2M network service providers to address security, interoperability, flexibility and scalability from a single IoT platform.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

FraudScope

FraudScope

FraudScope is an AI-assisted platform that accelerates the identification of fraud, waste, and abuse.

Concentric AI

Concentric AI

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

South West Cyber Resilience Centre (SWCRC)

South West Cyber Resilience Centre (SWCRC)

The South West Cyber Resilience Centre (SWCRC) is led by serving police officers, as part of a not-for-profit partnership with business and academia.

vCISO Services

vCISO Services

vCISO Services is a small, specialized, veteran-owned firm focused on the needs of SMBs only.

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre (JCSC)

Jersey Cyber Security Centre is the jurisdiction's Cyber Emergency Response Team (CERT) and national technical authority for cyber security.

Gray Tier Technologies (GTT)

Gray Tier Technologies (GTT)

Gray Tier is an advanced security company that focuses on developing technical solutions to the toughest cyber security challenges facing our customers.