Eight Reasons Why US CEOs Care About New EU Privacy Laws

Uploaded on 2016-04-11 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

A major change is on the way in how American companies must handle European citizens’ personal data.

The EU recently rejected Safe Harbor rules that would have allowed US companies to manage EU data under existing US law. Now, new legislation will tighten the rules—and the penalties—significantly, to better protect European citizens’ personal data.

The stakes are being raised considerably for any business dealing with any data on EU citizens. As the EU takes the global lead on ensuring data privacy, the changes coming soon will likely have further reaching implications moving forward. Here are 8 reasons you can’t afford to ignore these new regulations:

One - A new set of rules called Privacy Shield will build on Safe Harbor to add regulation of the US government’s surveillance of non-US individuals’ data, something that has not been covered before. That means that if the government is sniffing your company’s data and surveys EU citizens’ personal identifying information (PII) in the process, your company could be complicit in a Privacy Shield violation, not to mention risk reputation damage.

Two - Privacy Shield provides a new dispute resolution process that permits EU citizens to sue US government agencies if they believe their privacy was infringed upon. While certainly the agency in question is on the hook, your company could be dragged into the process by default.

Three - Even more severe, the proposed General Data Protection Regulation (GDPR) would fully extend the jurisdiction of EU data laws to any companies holding EU citizens’ data.

Four - Failure to comply with GDPR carries potentially enormous penalties—up to 5% of revenue. Again, this doesn’t include potential damage from a tarnished reputation.

Five - GDPR also includes the “right to be forgotten.” Think of this in terms of an Internet expunge—any company which publishes information regarding an EU citizen must have the capability to remove records pertaining to individual citizens upon request, particularly with regard to anything unflattering or potentially damaging.

Six - GDPR also requires rapid mandatory disclosure of data breaches of any size. Not only is meeting the timely disclosure requirements a challenge, but again, the potential damage in the court of public opinion could be great, even in events or cases where no harm comes to those whose data is potentially leaked.

Seven - Most conventional analytics tools require that data be copied onto local physical servers for analysis, and by default, that includes PII. The risk of a breach under these circumstances is significant, to say nothing of the inefficiency of moving these massive amounts of data around. This means that all companies using these tools are at a significant risk, and should be investigating alternative options. For example, data-linking technology allows the customers’ low-level data (including PII) to remain in its original storage for analysis. 

The data is scanned in situ, and only a summary data set is returned to the analytics engine. Native K-anonymity also helps to solve the PII problem by returning to the analytics engine only data clusters large enough to prevent identification of individual users. These features, available in some solutions like BeyondCore, provide a far higher level of protection than typical data masking or other post-processing methods, enabling companies to retain the ability to conduct key data analysis even in the face of these more stringent legal rulings.

Eight - These new privacy enhancements beg the question: how long is it before these same protections are extended to all citizens—EU, US and others? The change in European data handling could very likely usher in a major sea change in data privacy and protections around the world, precipitating a major shift in the way companies must deal with all PII data.

While neither Privacy Shield nor GDPR have been enacted yet, Privacy Shield has been ratified and implementation is forthcoming. Meanwhile, GDPR is still under development, but most experts predict it will go into force in 2018.

In today’s international business market, these new rules will impact virtually every businesses operating in the US and around the world, even those with just a single EU customer. That’s why it’s urgent that companies act now to plan a complete review and audit of their current data privacy, security and compliance policies, including analytics processes, against these new regulatory requirements. 

The stakes are about to get much higher, and only those who stay ahead of the game on compliance will win.

Information-Management:

 

 

« Taliban App Removed From Google Store
Will Capitalism Survive The Robot Revolution? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Akademie (CAk)

Cyber Akademie (CAk)

Cyber Akademie is a training and education center providing high-quality training and information events on information security and data protection.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

ChainSecurity

ChainSecurity

ChainSecurity provides products and services for securing smart contracts and blockchain protocols and conducts R&D in the areas of security, program analysis, and machine learning.

Snode Technologies

Snode Technologies

Snode's Guardian cybersecurity platform uses AI and machine learning to monitor, detect and proactively respond to all threats on every device within your network.

Octiga

Octiga

Octiga is an office 365 cloud security provider. It offers Office 365 monitoring, incident response and recovery tools.

US Coast Guard Cyber Command

US Coast Guard Cyber Command

US Coast Guard Cyber Command’s focus is to ensure the security of our cyberspace, maintain superiority over our adversaries,and safeguard our Nation’s critical maritime infrastructure.

Swissbit

Swissbit

Swissbit AG is the leading European manufacturer of storage, security and embedded IoT solutions for demanding applications.

Nanitor

Nanitor

Nanitor is a powerful cybersecurity management platform focusing on hardening security fundamentals across your global IT infrastructure.

Otava

Otava

Otava is a global leader of secure, compliant hybrid cloud and IT solutions for service providers, channel partners and enterprise clients.

QuantumCTek

QuantumCTek

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center (ACC)

Azerbaijan Cybersecurity Center is a state-of-the-art facility to deliver advanced cyber training programs and build the next generation of Azerbaijan’s cybersecurity professionals.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.

Edera

Edera

Edera is changing the way containers are run and secured, making isolation a reality and fundamentally transforming computing in the process.