EU General Data Protection: A Milestone Of The Digital Age

Uploaded on 2016-01-20 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law

The conventional wisdom is that the recently agreed-upon EU General Data Protection Regulation (GDPR) is the most-lobbied piece of legislation in the history of the European Union.

This law will likely go down as a milestone of the Digital Age, similar to industry-changing laws like the Clean Water Act or the Clean Air Act in the United States.

Just as new laws and regulations were needed to address the consequences of the Industrial Revolution, the European Union has responded to the privacy concerns presented by the Digital Revolution with a law that attempts to apply new order to the complexity of data in society.

Like most laws born of intense compromise, everyone will likely find fault with it. Privacy advocates will say it doesn’t go far enough in its risk-based approach to protect human rights. Industry voices will say it stands to cripple innovation and will consign Europe to a digital island.

Despite these differing opinions, the message to the global information economy is clear: It is time to get to work on the tough tasks of understanding and, eventually, complying with the GDPR.

Virtually every company doing business in the European Union has some challenging months ahead. Companies will need to figure out how to create a data breach response plan that both evaluates the risk of harm to consumers and still allows for regulators to be notified within 72 hours of discovery if that risk is deemed to be great.

Social media and other companies serving teen audiences will need to decide on a good way to acquire parental permission to gather the data of children. Every company will need to create systems for the demonstration of compliance with the law upon demand by regulators.

Much of this work will fall to the privacy profession. The GDPR mandates the appointment of a “data protection officer” (a DPO), a term that might be foreign to US ears. These DPOs are privacy professionals, and they’ve been proliferating around the world lately.

The new regulation requires DPOs for many companies, particularly those that handle sensitive data like biometrics or health information, but also those that make building profiles of their customers integral to their business plans. The good news is that you’ll have three years from this spring to put one in place — but the work of compliance will likely require a privacy professional in your organization far ahead of that deadline.

The potentially more challenging news is that privacy professionals are already in high demand, and will likely be even harder to find in the coming years. Training from within may be the most viable solution as companies struggle to find staff for these functions.

Without question, we will continue to see a public policy debate over many of the provisions of the GDPR. European regulators will create reams of analysis and guidance on the new regulation. Businesses will define best practices within industries and negotiate the new, risk-filled terrain of compliance. Customers will continue to demand innovative technologies that improve their lives, while at the same time expecting even greater respect for their privacy.

In this manner, the GDPR represents not a destination, but an important milestone — a marker that indicates how far we have come and how far we still have to go. Or perhaps the GDPR is more like another type of road sign: “Caution, Work Ahead.”

TechCrunch

 

« Drone Market Worth $14.9 Billion by 2020
Amazon’s Data Centers Are Located in US Spy Country »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

TrustedIA

TrustedIA

TrustedIA is a cyber and protective security company. Our mission is to help businesses protect themselves from disruptive events that can impact their successful operation.

Nmap Project

Nmap Project

Nmap Project is a Free and open source tool for network discovery, administration, and security auditing.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

Database Cyber Security Guard

Database Cyber Security Guard

Database Cyber Security Guard (aka Don't Be Breached) informs Security Professionals and DBAs of Zero Day, Ransomware and Data Breach attacks within milli-seconds

Ioetec

Ioetec

Ioetec's mission is to connect users to their IoT devices securely, ensuring these devices remain safe to use in our increasingly connected world.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Strike Graph

Strike Graph

The Strike Graph GRC platform enables Security Audits & Certifications.

Fifosys

Fifosys

Fifosys is a professional technology infrastructure specialist, delivering a broad portfolio of high quality technical and strategic managed services.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

Redpoint Security

Redpoint Security

Redpoint Security is an application security consulting firm that is focused on all aspects of code security.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Infiot

Infiot

Infiot is a pioneer in enabling secure, reliable access with zero trust security, network optimization, edge-intelligence and AI driven operations for all remote users, devices, sites and cloud.

Neptune Shield

Neptune Shield

Neptune Shield's mission is to deliver cutting edge Maritime focused Cyber Security & Threat Protection through our Hampton Roads based Tech & Cyber Security Hub.