Action and reaction: GDPR and the cybersecurity threats
The General Data Protection Regulation (GDPR) became active on May 25, 2018. This year, 2020, the regulation will have been in force for two years. So far, many eyebrows have been raised regarding its effectiveness, given that one-third of companies in the EU are not abiding by it.
So what is the future of cybersecurity in terms of threats companies and customers face in relation to their data? You’ll get a better idea of this in the rest of this article, as well as how GDPR provides a solution to those threats.
The threats to be discussed include:
- Misuse of Data by Companies
- Lack of Data Transparency
- Poor Understanding of Valuable Data
Misuse of Data by Companies
A vast majority of people do not fully understand the power of data, especially in the large quantities now commonly described as big data. However, the impact of the Cambridge Analytica scandal on the 2016 elections in the United States of America helped bring things into perspective for the average Joe on the street.
When companies collate user data, the explanation given to the public is that this data is to help improve services and hence increase customer satisfaction. However, behind the scenes, it sometimes happens that user data is being sold to third parties. When this occurs, there is evidently a breach of the legal agreement between the individual and the company in question. The irony, however, is that most times the party breaking this legal agreement is not called into question.
With GDPR in place, companies have to adhere strictly to the data agreements with the users. One of the benefits that come with GDPR enforcement is that companies must delete user data when requested, making the user’s privacy a matter of great importance, as rightly expected. If they violate the agreements, companies will have to pay huge fines, which serve as a great deterrent.
Lack of Data Transparency
Before the GDPR, data fell into a black box as far as the owner of the personal data was concerned. The majority of companies simply collected user data and did whatever they wanted with it, with most users having no idea of the lifecycle of this data. As a result, data breaches occur and companies try to cover them up without letting the public know. In such cases, the users suffer for the breaches, as third parties gain access to personal data and are able to carry out malicious acts, leaving the users vulnerable and unaware of these data-related vulnerabilities.
With the GDPR in place, companies are forced to be more transparent about the state of user and personal data. While there are repercussions for the companies when data breaches happen, the users will also always be informed. They therefore become better equipped to take security measures and prevent further havoc, which in turn reduces cyber-related data breaches.
Poor Understanding of Valuable Data
All data is useful. However, in certain contexts, some data types are not essential to the day-to-day operations of organisations. Nevertheless, some organisations still fall prey to the temptation of keeping as much data as possible, thereby storing data that is not immediately of benefit or even of use. Of course, this data still needs to be secured. The knock-on effect is a high operational and related cost to adequately secure it, due to the large scope of data to be protected.
The GDPR ensures that companies get to rethink their process of collecting data. The right questions get asked about what kind of data truly matters. It then becomes easier to protect this data adequately, as well as use it appropriately to the benefit of the users and the company.
Conclusion
Cybersecurity is taken lightly by many companies. As a result, they mismanage user data and do not make it a priority to keep it safe at all times. With the GDPR in place, companies are obliged to put privacy first at all times and think clearly about the data that truly matters to company success. GDPR enforcement is still in its infancy, as it will have been active for two years by May 25, 2020, so it is no surprise that the positive impact it brings is only slowly being observed across the board. However, it is inevitable that, in time, it will help improve the security and privacy of user and personal data.