Incident 1: Facebook, Cambridge Analytica data leak
According to The New York Times, Cambridge Analytica tried to influence the 2016 Presidential elections in America. This was executed by using data collected from over 50 million Facebook profiles under the false pretext of educational purpose by Cambridge university lecturer Aleksander Kogan.
Incident 2: Swisscom customer data breached
The personal data of 800,000 Swisscom customers was compromised after the security of one of its sales partners was breached. During an internal audit, Swisscom discovered that unidentified sales partners were granted access to view the database.
Incident 3: L’express customer data exposed
For weeks, the personal data of over 693,000 L’express readers was available in a publicly accessible database, without any password protection. This exposure came to light when a Florida resident, Mickey Dimov, accidentally found the database.
These incidents are just three of the plethora of cybersecurity incidents that happen around the clock. Protecting customer data means always staying one step ahead of hackers, but since many companies are reluctant to invest in cybersecurity, governments are coming up with stricter mandates to emphasize the importance of data security.
How the GDPR aims to end data security negligence
The GDPR (General Data Protection Regulation) is an upcoming regulation created by the European Union. The GDPR’s strict requirements and huge non-compliance penalties make it stand out from all other regulations in the industry. When the GDPR goes into effect on May 25, 2018, any organization that targets consumers in the EU, processes the personal data of EU citizens, or monitors the behavior of EU data subjects will have to comply with its requirements, or risk paying penalties of €20 million or four percent of their global annual turnover, whichever is higher.
The GDPR aims to provide individuals with more control over how their personal data is handled by enterprises. It mandates that organizations enhance their security strategies to ensure data security at all levels, as well as prepare an outline of post-breach strategies to minimize the impact of an attack.
With only two months left before the implementation of the GDPR, it’s high time that enterprises collecting and processing the personal data of EU citizens take the appropriate steps to comply with the GDPR. To simplify your journey to GDPR compliance, here are several resources for you to use.
Free resources for GDPR compliance
