May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions.

What benefits have those organizations experienced in achieving compliance, for instance?

Have they encountered any drawbacks along the way?

And how can those organizations that remain non-compliant finally get over the finish line?

To find out, we asked experts in the infosec field to weigh in on the first two years of GDPR’s implementation. Their responses help to illuminate all the progress that organizations have made and all the work they could yet complete in the name of safeguarding consumers’ privacy.

Javvad Malik | Security Awareness Advocate at KnowBe4

It’s been an interesting two years since GDPR came into force. In that span of time, over 1,300 fines have been imposed in response to the Regulation. If you look at the numbers graphically, we can see that there has been a consistent month-to-month upward trend in the number of fines. I don’t think this will stop any time soon.

Additionally, the cumulative total amount of fines has reached over 450 million euros, and that number keeps climbing. The two highest fines imposed have been due to insufficient technological and organisational measures for protecting data (basically security controls) at 204 million euros and 110 million euros, respectively.

At some point, there will be an organization that receives the maximum imposed penalty of 4%, but most likely, it will be due to negligence in implementing proper security controls to protect personal data. That vulnerability will be exploited and cause an unprecedented data breach, which is when we will see the regulators bring down the 4% hammer.

GDPR has brought the (Read more...)