In recent years, data breaches involving personally-identifiable information (PII) scaled to unprecedented numbers. The Equifax case alone affected more than 145.5 million people, exposing information including names, birthdates, street addresses, credit card numbers and Social Security numbers.
While cybercriminals never stop trying to find a new vulnerability to exploit, they can’t take the blame alone, as the same companies trusted with valuable PII often make a hacker’s job much easier. Companies assume a lax cybersecurity posture, fail to implement basic security controls such as patch management, and drop the ball on employee awareness.
Unfortunately, cybercriminals and breaches are not the only threats to private information, as proven by the way Facebook misused customers’ data in the Cambridge Analytica case. This culminated in greater pressure for updated laws that made sure people’s personal information was adequately handled and protected. While many countries are still in the process of updating and approving new privacy rules, the European Union (EU) is ahead of the curve with their General Data Protection Regulation (GDPR).
What is the GDPR and How Am I Affected by It?
The GDPR is EU’s most important change in data privacy regulation in 20 years, but its impact is not limited to the Old World. In fact, its application is not limited to organizations located within the EU at all; indeed, it’s mandatory for any organization (including the ones located outside of the EU) that offers goods or services to, or monitors the behavior of, EU data subjects.
To summarize: after the two-year transition period that ended in May 2018, the GDPR applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
So what happens if a company fails to comply with the GDPR? Well, aside (Read more…)
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Claudio Dodt. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/-SrWGz1FwJ0/