In the wake of data breaches, hacks and breaches of trust like the Cambridge Analytica affair, user privacy has quickly become a key issue of our time. While the United States’ policymakers have yet to take on the challenge of defining, in a comprehensive way, the rules of our connected and integrated online society and the data that runs through it, European regulators have already taken a crucial step. That step, of course, is Regulation 2016/679 of the European Parliament — or, as it is more commonly known, the General Data Protection Regulation (GDPR).
While the GDPR was passed in Brussels, companies around the world and the security professionals that protect them have also been directly impacted. This is not only because they could be interacting with data owned by or about European citizens, but because of rising expectations of users at home in their own countries.
Just how much security managers have been affected, and in what ways they will have to adapt, is only beginning to be understood because, as CSO Magazine notes, the GDPR leaves much to interpretation. For example, what exactly is a “reasonable” level of protection for personal data?
While businesses are still finding their way through this new reality, this article explores how, with the right understanding, organizations and security managers can use the expectations of the GDPR to promote privacy without getting in the way of business or weakening security.
What is the GDPR?
If you haven’t heard of the GDPR in the two years since its passage, don’t worry; according to an IDC survey of 700 companies in European countries, 22% weren’t aware of the GDPR. An additional 52% knew about it, but not how it would impact them.
Adopted in April of 2016, the GDPR (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Patrick Mallory. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/dtNtjY6XvMo/