FROM last week Friday (25th May 2018) there was another reason to take data security and protection measures more seriously, in case you had not yet responded to scandals involving data leaks, misuse of Facebook data, or even the work of outfits including Cambridge Analytica, and Wikileaks.
If you hold or manage personally identifiable data for data subjects inside the European Union, the General Data Protection Regulation or GDPR has come into effect. This means that breaches of your data and may attract a strong response: from warnings and data protection audits, to a hefty fine of four percent annual global turnover. Data protection should now be designed by default into your systems and processes.
The idea that our own internal processes for managing data may have impacts beyond our border may be troubling, but it is also a sign of effective representation. The breaches which have previously made dizzying headlines and caused anxiety for customers may now cause shoddy practices to be addressed. Of course, the correct implementation of effective measures to protect data will provide relief, but these new regulations show how seriously some governments take the correct handling of personal data belonging to their citizens.
Interestingly, this also provides a useful measure for the application of correct data protection measures. If you fail to adequately protect data, then you can easily calculate the potential loss to yourself. If you have taken measures to encrypt or render your data unreadable to anyone who maliciously accesses your database, then you also have some measure of relief. The warning is clear. If you intend to do business in an increasingly global environment, then time is up for providing proper measures to protect that data.
If this thinking of ‘protection by design and default’ is not be new to you, then congratulations! You are safe! On the other hand, if you are unsure, it may be worthwhile to review your practices to ensure compliance. Not just to avoid sanctions, but to do the right thing, and take effective measures to avoid embarrassing or damaging data leaks.
—
To share your views, contact the author at: www.datashore.net or via The VOICE.
About the Author
Dr. Lyndell St. Ville is an ICT Consultant based in Saint Lucia. His expertise includes systems analysis, design, and capacity building.