Time is running out to meet the GDPR compliance deadline
The General Data Protection Regulation (GDPR) is a regulation that requires businesses to protect the personal data and privacy of European Union citizens for transactions that occur within EU member states. Non-compliance could cost companies hefty fines. The GDPR passed in 2016 with a compliance date of 25 May 2018. Indeed, the clock is ticking.
The GDPR replaces outdated regulations passed in 1995, when the Internet, electronic commerce, and online transactions were still in their infancy. Today, the volume of consumers' private data transmitted over the internet has increased exponentially, and with this abundance comes greater exposure to misuse or theft. The reality is that as technology continues to advance, the risk of data-related crime increases.
A poignant example of the gravity of the issue, which lends validity to increased regulatory oversight, is the recent partnership between Facebook and Cambridge Analytica, a US-based political data firm. Cambridge Analytica is charged with improperly harvesting the information of up to 87 million Facebook users.
This scandal is another proverbial PR "black eye" for the social media network, which mishandled personally identifiable information (PII), including users' phone numbers, after its acquisition of the popular application WhatsApp.
David Baser, director of Product Management at Facebook, acknowledged that the US company has been using its marketing tools to collect data even from people outside the social network. This data collection happens when a user presses the "like" or "share" button on a post, or when a user signs in with their Facebook account to subscribe to or register on any third-party portal. According to Baser, this is a common practice in the social media world, followed by other large companies as well, and it allows Facebook to improve its content and advertising.
Leaders in the information security sector, especially in Europe, have been warning about the abuses committed by Facebook and other portals for years. On May 25, after six years of debate, the GDPR will finally be a reality. Companies out of compliance with the GDPR can face severe financial sanctions, including fines of up to 4% of their annual revenue.
The primary objective of the GDPR is to give EU citizens and residents control over their data and to simplify the regulatory environment for international business by unifying regulations within the EU. When the GDPR takes effect, it will replace the Data Protection Directive and, unlike that directive, it does not require national governments to pass any enabling legislation, which is why it is directly binding and applicable.
Additionally, the GDPR extends the scope of EU data protection legislation to all foreign companies that process the data of EU residents. It harmonizes data protection regulations throughout the EU, making it easier for non-European companies to comply with a single set of standards.
The GDPR will also have an impact on companies that offer storage and security services in the cloud. These service providers have had to make significant preparations to deliver the control and flexibility of data storage, with the utmost security, that their clients and these new regulations require.
At Dade2 we have experts in the fields of information security, applications, and networks. Our infrastructure is designed to offer the highest level of security for your data throughout the information processing cycle. We provide the services and support needed by companies facing the risks of implementing a new system or procedure to comply with the GDPR, through remote data privacy assessments and security officers. Contact us today for information about how we can help your company become GDPR compliant before May 25th.