EU’s New Privacy Regulation Is on the Way
The EU’s General Data Protection Regulation (GDPR) sets privacy rules to protect its residents. It is a set of directives that tells companies how to comply with the regulation, whether the data is stored electronically or in a filing cabinet. EU residents will enjoy enhanced privacy rights, and companies will have to fall strictly in line to keep the data protected.
Failure to comply will invite strong action in the event of a data breach, with fines ranging up to 4 percent of a company’s global turnover or 20 million euros.
Brad Smith, Microsoft’s chief legal officer and president of Microsoft Corp., said, “If you have customers in the EU, this matters to you.” He further added, “If you have employees in the EU, this matters to you. If you’ve even heard of the EU, this matters to you.”
This means the regulation applies to any company in the world that holds any piece of information about a customer living in the EU. Whether it is an email held for a newsletter, for market research or for any digital transaction, a breach means you will be held accountable.
“GDPR is first and foremost a legal compliance issue,” said Sheila Fitzpatrick, chief privacy officer and worldwide data governance and privacy counsel at NetApp. “Of the 99 articles in the GDPR, only eight deal with technology. You must build a privacy foundation in your company,” she said. It’s not just a tech issue either; it also concerns data storage, management, and protection vendors.
According to the GDPR FAQ, personal data includes “any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.” It even applies to information gathered by IoT devices, if it can somehow be tied back to an individual.
The regulation applies to both the data processor and the data controller, the party that determines which personal data is collected, for what reason, and how it is processed. So both the service provider and the customer are liable.
The regulation has put organizations in a very tight situation, because more than 50 percent of companies have no hold on the data, which is not under their control.
“It’s a problem we have to solve together,” Smith said. “We need to ask ourselves three things: what do Microsoft and the tech industry need to do, what do companies need to do, and what does the world need to do.”
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance and offensive technologies. Currently, he is a freelance writer covering the latest security news and other happenings. He has authored numerous articles and exploits, which can be found on popular sites like hackercombat.com and others.