GDPR – It’s About the Data, Stupid

Observers not familiar with the practice of security often look perplexed when you tell them that, with the exception of data protected in transit (for web applications and virtual private networking), most data stored and accessed via applications on-premises or via hybrid, private and public Cloud applications is unprotected.

But in this era of evaporated security perimeters, it's really all about the data, stupid.

And in the era of the General Data Protection Regulation (GDPR) of the European Union (EU), it is all about the data, stupid.

Although most organizations possess supervisory policies and principles about which data is considered public, confidential and sensitive, very few actually go to the trouble of automating the enforcement of these policies.

It's a "do as I say, not as I do" kind of moment when people realize that the policy says one thing, and the actual practice on the ground violates the policy.

Let's recount some of the reasons for why there is a discontinuity between policy and practice:

  • It's inconvenient.
  • It gets in the way.
  • It's too costly.
  • It's not how things are done today.
  • It won't impact us, just the other guys.

Trouble is: GDPR will impact you and everyone else.

GDPR will impact any entity doing business with European citizens or processing data on behalf of companies that do business with European citizens.

The impact of GDPR officially gets underway on May 25, 2018, and in a big way:

  • Any entity violating the General Data Protection Regulation of the EU can be fined as much as 4 percent of annual revenue.

This means that, at 4 percent of annual revenue, a company with the annual revenue shown in the first column could face a fine of the amount shown in the second:

  Annual revenue     Fine (4 percent)
  10 million         400,000
  50 million         2 million
  100 million        4 million
  1 billion          40 million
  10 billion         400 million
  50 billion         2 billion

The fines of GDPR are not exclusive to big global conglomerates. GDPR's fines can ensnare small businesses, down to sole proprietorships, that process information on behalf of large global conglomerates.

In effect, anyone controlling or processing personal data related to EU citizens MUST put in place measures to track the source of such data, know where such information is, and protect such information, among other data handling and processing obligations.

GDPR will change the practices of data handling and protection like never before.

It's about the data, stupid!
