Diving into GDPR and What It Means for Cybersecurity
Unless you've been living under a rock, you've probably been getting spammed by GDPR emails left and right. There's been plenty of confusion going around, too - what is the GDPR? Why am I getting these emails? Should I open them or can I just delete them? We're here to answer your questions.
What is the GDPR?Since 1995, data collection and retention in the EU has been governed by the European Data Protection Directive. The GDPR - the General Data Protection Regulation - is an update for the modern age.
What will it change?The GDPR is an EU-wide regulation, but it will have implications for companies around the world. Any company that handles the data of EU citizens either itself or through a subsidiary will need to comply and implement a data governance strategy. The core principles of the GDPR are:
- The right to be forgotten: The right to be forgotten allows EU citizens to request that data about them that is no longer relevant be removed from websites or search engines. This right has been on the books in Europe for some time, but it has now been clarified that international companies will have to comply as well.
- Privacy by design: The GDPR demands that services provided to EU citizens be private by design. This means that privacy and security must be central and fundamental considerations in any service, not afterthoughts that may or may not be left out.
- Data portability: EU citizens should be allowed to move their data at will from data collector to data collector. This would obligate Facebook, for example, to package up your data for you so you could transfer it to a new social network. Please note, Facebook account deactivation does not automatically remove the data collected by the platform.
- The right to access: You should be able to find out exactly what data a website has gathered about you. Do they know your age? Where you live? Who your friends are? What your favorite ice cream flavor is? The GDPR says you should be guaranteed the right to find out.