Eight Reasons Why US CEOs Care About New EU Privacy Laws

Uploaded on 2016-04-11 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

A major change is on the way in how American companies must handle European citizens’ personal data.

The EU recently rejected Safe Harbor rules that would have allowed US companies to manage EU data under existing US law. Now, new legislation will tighten the rules—and the penalties—significantly, to better protect European citizens’ personal data.

The stakes are being raised considerably for any business dealing with any data on EU citizens. As the EU takes the global lead on ensuring data privacy, the changes coming soon will likely have further reaching implications moving forward. Here are 8 reasons you can’t afford to ignore these new regulations:

One - A new set of rules called Privacy Shield will build on Safe Harbor to add regulation of the US government’s surveillance of non-US individuals’ data, something that has not been covered before. That means that if the government is sniffing your company’s data and surveys EU citizens’ personal identifying information (PII) in the process, your company could be complicit in a Privacy Shield violation, not to mention risk reputation damage.

Two - Privacy Shield provides a new dispute resolution process that permits EU citizens to sue US government agencies if they believe their privacy was infringed upon. While certainly the agency in question is on the hook, your company could be dragged into the process by default.

Three - Even more severe, the proposed General Data Protection Regulation (GDPR) would fully extend the jurisdiction of EU data laws to any companies holding EU citizens’ data.

Four - Failure to comply with GDPR carries potentially enormous penalties—up to 5% of revenue. Again, this doesn’t include potential damage from a tarnished reputation.

Five - GDPR also includes the “right to be forgotten.” Think of this in terms of an Internet expunge—any company which publishes information regarding an EU citizen must have the capability to remove records pertaining to individual citizens upon request, particularly with regard to anything unflattering or potentially damaging.

Six - GDPR also requires rapid mandatory disclosure of data breaches of any size. Not only is meeting the timely disclosure requirements a challenge, but again, the potential damage in the court of public opinion could be great, even in events or cases where no harm comes to those whose data is potentially leaked.

Seven - Most conventional analytics tools require that data be copied onto local physical servers for analysis, and by default, that includes PII. The risk of a breach under these circumstances is significant, to say nothing of the inefficiency of moving these massive amounts of data around. This means that all companies using these tools are at a significant risk, and should be investigating alternative options. For example, data-linking technology allows the customers’ low-level data (including PII) to remain in its original storage for analysis. 

The data is scanned in situ, and only a summary data set is returned to the analytics engine. Native K-anonymity also helps to solve the PII problem by returning to the analytics engine only data clusters large enough to prevent identification of individual users. These features, available in some solutions like BeyondCore, provide a far higher level of protection than typical data masking or other post-processing methods, enabling companies to retain the ability to conduct key data analysis even in the face of these more stringent legal rulings.

Eight - These new privacy enhancements beg the question: how long is it before these same protections are extended to all citizens—EU, US and others? The change in European data handling could very likely usher in a major sea change in data privacy and protections around the world, precipitating a major shift in the way companies must deal with all PII data.

While neither Privacy Shield nor GDPR have been enacted yet, Privacy Shield has been ratified and implementation is forthcoming. Meanwhile, GDPR is still under development, but most experts predict it will go into force in 2018.

In today’s international business market, these new rules will impact virtually every businesses operating in the US and around the world, even those with just a single EU customer. That’s why it’s urgent that companies act now to plan a complete review and audit of their current data privacy, security and compliance policies, including analytics processes, against these new regulatory requirements. 

The stakes are about to get much higher, and only those who stay ahead of the game on compliance will win.

Information-Management:

 

 

« Taliban App Removed From Google Store
Will Capitalism Survive The Robot Revolution? »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

Crypta Labs

Crypta Labs

Crypta Labs is an Award Winning IOT Security startup that is developing a quantum-based encryption chip to secure the Internet of Things.

Tevora

Tevora

Tevora is a specialized management consultancy focused on cyber security, risk, and compliance services.

HudsonCyber

HudsonCyber

HudsonCyber, part of HudsonAnalytix, provides leading cyber risk management services for the global maritime transportation industry.

Dreamlab Technologies

Dreamlab Technologies

Over the last 20 years, Dreamlab Technologies has established itself as a source of constant innovation within the information security landscape.

IUCC Cyber Unit - Israel

IUCC Cyber Unit - Israel

IUCC Cyber Unit safeguards Israel’s National Research & Education Network (NREN).

Veriff

Veriff

Veriff provides highly-automated identity-verification services that prevent fraud like nothing else on the market.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

Sayata Labs

Sayata Labs

Sayata delivers a streamlined solution for processing cyber policies. Increase profitability with an easy and intuitive platform.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

KingsGuard Solutions

KingsGuard Solutions

KingsGuard Solutions is a San Diego Cybersecurity company that specializes in complex and innovative security solutions for companies throughout Southern California.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.