Article

William Yates
William Yates 7 March 2016
Categories Technology

GDPR: What Is It And Why Should You Care?

In recent years data breaches, hacking, data theft and online fraud have emerged as massive issues at both the corporate and governmental level, exposing targets to extreme financial instability and nation states to political or defence vulnerabilities.

Anthem Insurance, Home Depot, Adobe and the UK NHS have all been hacked or even had data physically stolen and whichever way, the impact on data privacy is significant as sensitive personal data is released into the public domain.

Data Security: How Big Is The Issue?

Over the past year, the UK has suffered the greatest number of data breach incidents in the EU, with 63 by end-Q2 2015; way above Germany with 8, and the Netherlands with 6.

Interestingly, in these breaches 8.3 million records were exposed, which is only 3.4% of the global total of 246 million: the US accounted for 49% of all records compromised, with Turkey at 26%.

The first half of 2015 also shows a 10% increase in data breaches on the same period a year previously, while the number of records stolen reduced by 41%. This may be due to a smaller number of mega-breaches but very likely indicates varying regional security and data protection compliance.

eu-flag-1568439_500x585.jpg

Cohesive Trans-EU Protection

The current EU Data Protection Directive 95/46/EC is about twenty years old, and is from a very different time.

As technological evolution accelerates exponentially so security gaps, critical issues such as trans-national operation, developments in social networks and cloud computing have evolved and are not covered in a legally cohesive and meaningful way.

The new EU-wide General Data Protection Regulation (GDPR) will transcend any local data privacy laws and will be designed to provide a more comprehensive and wide-ranging legal framework, which will deliver much tougher personal data privacy legislation.

What Is GDPR?

GDPR is a Regulation with which the European Commission intends to strengthen and unify data protection within the European Union (EU), and is designed to also address the export of personal data outside the EU.

The Commission’s primary objective with GDPR is to simplify the regulatory environment for international business by unifying the regulation within the EU, and unlike a Directive, it does not require legislation to be passed by governments.

What GDPR Means To You

photo-1453060113865-968cea1ad53a_500x333.jpg

The proposed new EU GDPR data security programme expands the scope of EU data protection law to all non-EU companies processing the data of EU residents. It synchronises data protection regulations throughout the EU, making it much simpler for non-European enterprises to comply with these regulations.

While the precise wording of GDPR and financial penalties for transgression have yet to be finalised, GDPR has a very stringent data protection compliance administration with severe and rigorously imposed financial penalties of up to 4% of global gross revenue or €20,000,000 – whichever is greater – for non-compliance.

What About Your External Vendors?

While this EU-wide regulation relates to the data owner – the entity legally accountable for the data -laws relating to data management, processing and security will also impact on your enterprise if there are contraventions by third party vendors, such as your digital marketing agency.

This means that you, and your enterprise must be confident that such third party vendors have the required legal know-how and competency in current EU Data Protection Directive 95/46/EC as well as upcoming GDPR.

The most resilient verification of this is that your agency has ISO 9001 certification for data management and very importantly, ISO 27001 data security certification.

Where Do You Seek Assistance

photo-1454165804606-c3d57bc86b40_500x333.jpg

Surprisingly, help is very scarce. My agency, Novacom, has both of these critical certifications so I was surprised to learn that according to ISO’s own statistics, only 0.06% of registered UK organisations (that covers everything from government departments to banks) were ISO 27001 certified.

And it’s even less prevalent in the US, one of the EU’s top trading partners, at 0.0036% of all registered companies. Given that trade often means data transfer, transferring data to a potentially unregulated destination could prove to have very serious legal and financial impacts on you and your EU-based enterprise.

Action Points

The current EU Data Protection Directive 95/46/EC legislation is generally little understood in many areas of the EU, and in many respects quite poorly enforced. 

But with the recent growing number of data breaches, and GDPR coming soon, this situation will change very quickly.

GDPR and rapidly increasing cybercrime incidents mean companies must start taking data security seriously to mitigate security risks much more effectively.

This means not only auditing current internal security and data privacy procedures, but now ensuring your third party vendors offer the same high level of security.

Mark Steve
Mark Steve

Very nice description of GDPR.

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
4 Important Digital Marketing Channels You Should Know About

4 Important Digital Marketing Channels You Should Know About

It goes without saying that a company can't do without digital marketing in today's world.

Digital Doughnut Contributor
Digital Doughnut Contributor 5 November 2014
Read more
Digital Marketing Vs. Traditional Marketing: Which One Is Better?

Digital Marketing Vs. Traditional Marketing: Which One Is Better?

What's the difference between digital marketing and traditional marketing, and why does it matter? The answers may surprise you.

Julie Cave
Julie Cave 14 July 2016
Read more
Life of a Twitter Influencer [Infographic]

Life of a Twitter Influencer [Infographic]

The following infographic Illustrates the life of a Twitter Influencer and includes everything from earnings, cheatsheets and social movements started on Twitter. While Twitter may not be the most popular social channel it is still one of the most powerful channels to spark online conversation. If you're a Twitter influencer, this infographic is the ultimate guideline to your future tweets.

Chiara Di Rago
Chiara Di Rago 30 November 2016
Read more
50 Chrome Extensions That Will Boost Your Productivity

50 Chrome Extensions That Will Boost Your Productivity

Today you can find Google Chrome extensions for almost anything that you can think about. In the sea of available extensions, it can be a hustle to choose which one are the best for your type of the business.

Aleksej Durdevic
Aleksej Durdevic 29 November 2016
Read more
Digital Marketing - The Wave of the Future

Digital Marketing - The Wave of the Future

With social media platforms like Facebook holding well over 1.6 billion users world-wide (and counting), these digital platforms have become the new marketplace. In order to properly promote business brands and products or services, an online company needs to employ the services of a specialist known as a digital marketer.

Mohammad Farooq
Mohammad Farooq 29 November 2016
Read more