How are companies faring after the first semester?
May 25th, 2018.
The day when General Data Protection Regulation came into effect and changed the complexion of data privacy and data protection as we knew it, all around the world.
One could say that GDPR is only a problem for those who are a part of the European Union and “world” has nothing to do with it. But almost six months in we see a different picture, when the majority of non-EU corporations are embracing the changes too.
Seventy percent of non-EU companies revealed that they look to become GDPR compliant in the near future even though it’s not necessary right now. Most truly believe that the new model of personal data processing will gain a worldwide recognition in the next few years.
Although the first few call outs came out from Max Schrems who accused Google and Facebook of violating the privacy rules, the first official knock of gavel was directed at AggregatelQ.
This Canadian data analytics firm was using algorithms based on Cambridge Analytica’s Facebook data in order to build the software that would target the Republican voters in 2016 US elections.
Apart from that, AIQ was involved with pro-Brexit groups that were interested in anti-EU targeting and paid the company £3.5 million in total.
Those events happened two years before the arrival of GDPR, but the Information Commissioner’s Office (ICO) was still curious about the unlawful personal data processing and utilization.
If AIQ’s court appeal doesn’t play out as Canadians hope, their under-the-table profits would be massively outweighed by the £17 million fine. This story is a perfect example how strict GDPR really is, and shows exactly why you should become compliant.
Without a doubt you have a lot of emails with sensitive data. Maybe you should think about your own safety while you can?
Right now, AIQ is dismissing the accusations, also stating that the whistleblower who disclosed the compromising information to the ICO was never employed by them in the first place.
Despite meeting GDPR awfully unprepared (while having more than two years to set up the new order), the public reacted to the wind of changes unexpectedly well.
Of course, not everything went smoothly in the process of adaptation, but so far there haven’t been much criticism aimed at GDPR.
One of the main challenges for the enterprises striving for legal compliance were the costs. Forty-one percent of surveyed respondents didn’t have enough funds to complete the full implementation.
Strangely enough, the exact same percentage became compliant within their budget and the remaining 18% even said the expenses were lower than expected.
Apart from the obvious fear of fines, companies around the world bumped into some other, less obvious problems.
Many feared that GDPR’s data protection policy would severely damage the digital ad industry, as the regulation strictly defines how exactly a client’s personal information should be handled.
Companies were scared that a restricted access would keep them in the dark about user preferences, and some of them even had no clue that new regulations would apply to them, too. Simply put, there was a lot of uncertainty coming with GDPR.
But instead of decimating the industry, the new postulates built a ground where data would be stored safely, become transparent and ensure total consumer privacy as a result.
The regulation doesn’t forbid companies from storing such information, but asks them to provide data subjects with appropriate documentation, enabling them to manage or delete that data.
Some companies even viewed that as an advantage, as building their relationship with customers on privacy-based approach calls for a better personalization and marketing strategizing.
A much bigger concern for the companies is of course the possibility of an employee mistake or negligence. Then follows the lack of non-EU employee education about cyber security, different ways of communication with customers, and technical issues caused by solution deployment.
You probably feel anxious just reading that, knowing that your email archives have some evidence on you.
Anxiety is OK when something new arrives on the scene, but you wouldn’t even bat an eye if you had a proper solution on your hands.
While GDPR doesn’t dictate how exactly you should hit all the compliance checkmarks, it expects you to store the user information in the minimum number of locations, meaning the confidential data should not be spread around 3rd party servers.
Using regular email does exactly that, so it’s no longer a viable option for you or your business partners. Find out why regular emails may get you in trouble in the article “How to Manage Email Vulnerabilities in 2019 and Beyond.”
Businesses are left to their own devices, without clear answers on who should be responsible for data storing and handling. One thing GDPR is actively pushing for though is encryption, the process of encoding the information for exceptional secrecy.
Only one third of the companies use encryption methods and implement them on their emails, with the rest feeling comfortable with firewalls, browser protection, malware detection software and password protected networks.
With StealthMail’s end-to-end encryption and data protection solution you can have both.
This email security solution manages to decode the content of your letters with a patented Stealth Mashup feature.
Then it stores the superiorly encrypted data and encryption keys on your own side and enforces digital signatures and two-way authentication to restrict free access to criminally-minded users of the internet, only allowing verified users into the system.
By taking your confidential data away from the line of fire, StealthMail provides you with a Classified Communication Channel that is impenetrable for everyone but you and your closest circle of clients.
To find out more about the next gen solution, schedule a free consultation at StealthMail.com.
Link in die Zwischenablage kopiert!