New GDPR Mandate Will Levy Hefty Fines Against Companies That Are Careless With Personal Data
2017 was the first year in history where the number of internet-connected devices outnumbered the human beings on the planet.
We are a “well connected” society, but there is a staggering amount of technology that is constantly using, and sharing, data, most of which is created and curated by individuals.
With this connection comes risk, however. Data and personally identifiable information have become hot commodities for cyber criminals. In fact, cyber-crime damage costs are expected to reach 6 trillion dollars annually by 2021, and organizations will have to deal with rising security and training costs to help keep all the personal information that they collect safe. Additionally, attacks on individuals are expected to climb to more than 6 billion per year by 2022. What this means is that your personally identifiable information, and the data you share online, are now the number-one, most-targeted item during a cyber-security incident.
European Union Mandates GDPR To Safeguard Information
On May 25, the European Union enacted the General Data Protection Regulation (GDPR). Building off the Data Protection Directive of 1995, GDPR seeks to change the fundamental conversation businesses and individuals have around their data and the proper use of it. GDPR was enacted with the belief that data privacy is a fundamental human right, and businesses that collect, process, and store data must take certain steps to make sure that their end users’ private information is being protected and used appropriately.
GDPR Fines Can Be Billions of Dollars
Businesses that fall under GDPR, namely organizations that collect and process data on or from European citizens, must now meet certain mandates or be subject to harsh fines — as well as reputational harm. GDPR has the ability to fine an organization up to 20 million Euros, or 4 percent of its global revenue, whichever is larger, should it be found to be in violation of any number of the articles of GDPR.
A large U.S.-based retailer that is found in violation of GDPR could stand to lose $19 billion under the current GDPR directive, not to mention the potential loss of millions of customers. This is perhaps the first time that a global initiative has levied such strict penalties. This will change the conversation in almost every major industry about how and why they are collecting personal information. Services like Google, Facebook, and other platforms that derive revenue from collecting, processing, and potentially monetizing our private information will have to address the ways in which they can do that and still be GDPR compliant.
For Businesses, Not All Is Bad News
Critics of GDPR have said that the loss of data-curation abilities will likely lead to a rise in the cost of services we have traditionally known as “free.” The counter argument is that without solid data-privacy strategies, organizations will be spending more on remediation for each data breach, as well as losing more in reputational harm. Facebook lost between $80 billion and $100 billion in the wake of the Cambridge Analytica scandal. While the GDPR does impose stiff fines, it can actually help organizations avoid costly mistakes by giving them an understandable path to protecting user information.
We are living in an era where data is king. Businesses are doing everything they can to collect and understand every ounce of data, while we, as end users, have become accustomed to this. We briefly skim the terms and conditions of every service we use, and enjoy the absolute convenience that comes from our favorite businesses knowing more about us than we know about ourselves.
However, with real power comes real responsibility. Organizations are now understanding how valuable our data is, both for the revenue it creates and for the risk it poses to their business sustainability. GDPR is guiding the entire world in the best practices for keeping our information safe and secure, and giving organizations a framework for avoiding damaging data breaches while keeping their consumer base secure and loyal.
Critics may point to rising costs from organizations adjusting their best practices, and while data is a commodity, it is also a much larger risk. By managing this risk and engaging with GDPR legislation, organizations of all sizes and shapes can avoid costly missteps, increase customer satisfaction, and steer clear of the negative impacts of being involved in an incident in which personal data is compromised.
By changing the conversation about the fundamental right we have to privacy, GDPR, and the legislation that will follow it, has paved the way for the next evolution in best business practices and security. Gone are the days when being connected was a privilege. We must view the connected society as a right, and with that, the protection of our data and information is paramount.
Sales Manager, Logical Operations
Jon O’Keefe was Deputy of Counter Intelligence for Geek Squad/Best Buy from 2005-2011. He then worked at SSH Communications Security as a Federal Channel Manager and Solutions Architect in Data in Transit Security. He joined Logical Operations in 2016, and is a Territory Sales and Account Manager and Data Privacy/Cyber Security Expert. He has held A+, Network+, Security+, and MCSA status. O’Keefe is passionate about security and privacy, and believes that human beings as content curators should have an automatic right to online privacy. Logical Operations is partnering with UConn’s Connecticut Information Technology Institute to offer certificate courses on data privacy.