GDPR: one size does not fit all

While much has been written about GDPR’s rules, sanctions, and fines, GDPR is often treated as if its effect were the same for every company regardless of size. On paper, it seems that any company that violates the new data privacy regulation will suffer the same international sanctions. GDPR, however, will not have the same effect on companies of every size. For smaller companies, even the smallest fine could amount to a death penalty.

GDPR rules and sanctions

The security sector has certainly had its fair share of breaches. Attacks ranging from malware to man-in-the-middle are aimed at obtaining private data and information. So, when a certain field suffers too many repeated breaches affecting millions of innocent victims, regulation may indeed be the solution. Unless regulation is implemented to ensure fair public usage, different entities will continue to act as they wish.

The intention behind any regulatory move is usually to benefit the public and ensure its protection. Regulation can be found in any industrial field; it could be meant to prevent a monopoly, provide free and equal access to information, promise the occupational freedom of all men and women, ensure the general safety of the public or workers, etc.

It took a while for high-level regulation to reach the cyber security field, and specifically data security. In fact, in 1995, the Data Protection Directive was set to guarantee the safety of personal data on digital and electronic devices. But, after more than 20 years of technological advancement, the digital world of 1995 is no longer relevant, and neither are its rules and regulations. Two years ago, the GDPR (General Data Protection Regulation) was adopted. Beginning in May 2018, it will be enforced for all European Union companies and for foreign companies processing data of EU residents. (General Data Protection Regulation (GDPR) requirements, deadlines, and facts)
