GDPR is all about PII data

GDPR is all about PII data. Observers not familiar with the practices of privacy and security often look perplexed when you tell them that - with the exception of data protected in transit for use with web applications and virtual private networking - most data stored and accessed via applications on-premises or via hybrid, private and public cloud applications is unprotected.

But in this era of evaporated security perimeters, it has always been all about PII (personally identifiable information) data.


In the era of the General Data Protection Regulation (GDPR) of the European Union (EU), it is all about PII data.

Although most organizations possess supervisory policies and principles about which data is considered public, confidential and sensitive, very few actually go to the trouble of automating the enforcement of these policies. Few companies go to the trouble of identifying, flagging, tagging and marking PII data. But this all changes starting with GDPR.

Going forward, any organization conducting business - or sharing data - covering EU citizens will be forced by GDPR to mark and manage PII data.

It may not seem that way today, because GDPR only came into effect on 25 May 2018.

It's a "do as I say, not as I do" kind of moment when people realize that the policy says one thing, and the actual practice on the ground does not support, or worse, actually violates regulations and policies.

Who GDPR Affects

Let's recount some of the reasons why there is often a discontinuity between policy and practice:

  • It's inconvenient.
  • It gets in the way.
  • It's too costly.
  • It's not how things are done today.
  • It won't impact us, just the other guys.

Trouble is: GDPR will impact all of us, including your company and its supply chain.

GDPR will impact any entity doing business with European citizens or processing data on behalf of companies that do business with European citizens.

As the impact of GDPR officially gets underway on May 25, 2018, we are likely to see some big cases brought to the fore and in a big way. The EU has been strident about protecting citizen privacy and will be using GDPR as a means of enforcing its policies.

Impact of GDPR Violations

The impact of violating GDPR regulations includes:

  • Fines that are up to 4 percent of annual revenue

This means that if your company has annual revenues of the following, the fines could be:

Revenue        Fines          Revenue        Fines
10 million     400,000        1 billion      40 million
50 million     2 million      10 billion     400 million
100 million    4 million      50 billion     2 billion

The fines of GDPR are not exclusive to big global conglomerates. GDPR's fines can ensnare small businesses - down to sole proprietorships - that are processing information for large global conglomerates.

In effect, anyone controlling or processing personal data related to EU citizens MUST put in place measures to track the source of such data, know where such information is, and protect such information, among other data handling and processing obligations.

GDPR will change the practices of data handling and protection like never before.

It's about the data - PII data - stupid!
