GDPR – Improving Data Privacy and Cyber Resilience?
Almost a year ago, the European Union’s General Data Protection Regulation (GDPR) went into effect. The law requires any organization that stores or processes personal information about EU citizens within EU states to comply with GDPR, even if they do not have a business presence within the EU. Organizations that are found to be non-compliant can be fined up to four percent of their annual global turnover or €20 Million (whichever is greater). Many industry experts had high hopes that GDPR would have a positive impact on protecting the privacy rights of EU citizens, while helping businesses strengthen their cyber security posture as an added benefit. Let’s consider whether these expectations have been met.
Due to the sheer volume of data breaches and cyber-attacks that have exposed billions of personal data records over the past several years, legislators in the EU saw the need to enact further privacy protections for its citizens. GDPR aims to harmonize data privacy laws across the region, protect EU citizens’ data, and reshape the way organizations approach data privacy. At its core, GDPR gives consumers the right to consent to the storage of their data and the right to review their own personal data and how it is being processed. In addition, organizations are required to notify the appropriate national bodies and the impacted consumers as soon as possible about a personal data breach, so that EU citizens can take appropriate measures to prevent their data from being abused.
The data that falls under GDPR protection includes basic information (e.g., name, address, ID numbers), web data (e.g., geolocation, IP address, cookie data, RFID tags), health and genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation.