How GDPR Can Be Your Halloween Fright

Halloween has always been a favourite time of year for me, growing up in Canada. I was never really able to put my finger on the "why" of it exactly. Probably the candy. These days, though, I have taken to the habit of examining the things in life that scare me: reviewing the things that go bump in the night that we need to talk about in order to remove the fear. Ignoring threats does little to assuage fears.

One such spectre that haunts the halls of companies the world over is the EU General Data Protection Regulation or GDPR.


Have you ever taken a moment to wonder where all the information that you share online ends up? Who has access to your personal data, web surfing history or online spending habits? This data has monetary value for companies and often gets shared without your knowledge. GDPR aims to wrap controls around this sort of behaviour.

GDPR became a going concern on April 14, 2016, when it was passed by the EU Parliament, and it applies from May 25, 2018. Do you have customers in the EU? Do you do business in the EU? Then this regulation will apply to your company.

Did it just get very chilly in here?

The idea behind the regulation is to bring the various European data privacy laws under a single banner. Under the new rules of the GDPR, not being compliant can have a material impact on the financial status of an organization. Fines come in two tiers: up to €10 million or 2% of worldwide annual turnover, and up to €20 million or 4% of worldwide annual turnover. In both cases, "whichever is higher" is the fine to be applied. One example of a breach of the rules is failing to prove that the personal data being processed was adequately protected when a breach occurs. This is a key element: beyond the fine, the organization's reputation is on the line.

So, why should you care? Why might this be a fear lurking under your company's bed? The penalties can be substantial. GDPR requires that organizations processing personal data be able to demonstrate that "appropriate" security measures are effectively and efficiently protecting the personal data they process. Meeting this obligation is complicated by the fact that organizations often use many third parties to carry out specific data processing activities, and the obligation to demonstrate protection does not stop at the organization's own systems.

When it comes to GDPR, what keeps you up at night? I put this question to Thomas Fischer, Global Security Advocate at Digital Guardian: what is the single most terrifying aspect of GDPR for you as a security professional?

"Misinterpretation and misunderstanding around the GDPR is the most worrying aspect today because it is creating a deep-rooted lack of preparedness. The GDPR is being made out to be a compliance issue, when in reality it is about accountability; making the company and management teams ultimately responsible for a data breach. Over the past year, I've seen a lot of vendors touting products that they say can make companies GDPR compliant, but I need to question this reality when, for example, a SIEM vendor is making such claims and yet their role traditionally has not been to identify or understand what is happening to data. What worries me most is that this approach could easily lead companies to make the wrong decisions around GDPR and thus not implement the correct protections."
