Source: High-Tech Bridge
A brief overview of the most important security and privacy incidents that may have serious GDPR ramifications.
The European Union’s General Data Protection Regulation (GDPR) came into force on 25 May 2018. Here we look at ten early GDPR-related incidents to see if there are any signs of how it will be enforced in the future.
GDPR is providing a template for a new approach to personal data protection around the world. It includes three areas that demand a fresh look at data protection compliance.
Firstly, it reverses the risk ratio between low fines and the high cost of security. In the past, companies have been tempted to say it is cheaper to risk sanctions than to pay for security. GDPR has reversed this equation. By giving regulators the option of delivering very high sanctions, risk management equations now argue strongly in favor of promoting compliance and avoiding fines.
Secondly, GDPR has also changed other aspects of data protection regulation. With earlier regulations, companies were effectively in compliance provided they weren’t known to have lost personal data. This argued in favor of keeping quiet about breaches – but now companies are in breach of the regulation if they do not rapidly disclose a loss.
Thirdly, and in a similar vein, earlier regulations concentrated on protecting personal data from hackers. GDPR now puts the user first by also providing strict regulations on when personal data can be collected, and how and by whom it can be used.
With such a dramatic shift in data protection regulation, companies around the world have been watching and waiting to see how and to what extent the European regulators will enforce GDPR. It is still too early to know, but already GDPR-related incidents are beginning to occur. Here we look at ten such incidents over the course of 2018.