Numerous cases under the GDPR standards are now in process or have already resulted in fines being levied:
Norway: Google was ordered to remove all personal data, including all connected links, related to a convicted murderer in Finland under both GDPR and the country's own personal privacy protection laws (which have since been amended to align with GDPR).
France: Google was fined €50 million for violating GDPR regarding ad targeting and transparency requirements on the Android mobile operating system.
Austria: Eight streaming media services have had complaints filed against them under GDPR (the case is still pending).
We are finally beginning to get a read on the proper implementation of GDPR. I expect that within the next year there will be dozens more. For more on GDPR compliance, contact email@example.com
If you're tasked with marketing, cybersecurity, legal compliance or IT, and you do business in the EU (or are planning to do so), then you need to think about GDPR.
Pragmatically speaking, there is currently no definitive or complete checklist for GDPR compliance available today. Creating an accurate compliance checklist for GDPR requires that GDPR violations first be comprehensively defined. But when SecurityGate took a deeper look at GDPR for our clients, we realized a surprising truth: there are no precise standards.
In comparison, the National Institute of Standards and Technology defined and published NIST SP 800-171 (see my recent blog post on this subject - link) well before the implementation deadline, and it contained very clear explanations of controls and guidelines for implementation. Unfortunately, the EU Article 29 Data Protection Working Party, which will become the European Data Protection Board on May 25, 2018, has not matched this level of effort. The EDPB will be responsible not only for providing guidelines for GDPR compliance but also for enforcing the penalties incurred through non-compliance.
In my opinion, an example of the ambiguity in the GDPR compliance standards follows:
We recognize that many businesses don’t have the resources necessary to properly formulate a plan. So how is a company supposed to be ready for GDPR? In my opinion, there are basically three options, all of which have pros and cons.