The EU’s new General Data Protection Regulation (GDPR) is coming into effect on 25 May 2018 and will have wide-ranging consequences on a global scale, affecting all businesses that trade with the European Union, from within or outside its borders. From among non-EU countries, US businesses in particular have been actively taking steps to ensure that they comply with the new regulation.
With the United States having a number of data protection regulations of its own in place, does that mean companies already compliant with national regulations will find it easier to adjust to GDPR requirements? Let’s have a look at data protection regulations on both sides of the Atlantic to find out.
The European Union under the GDPR
The most important and talked about change in data protection regulation in Europe in the last twenty years, the GDPR has set off a race for compliance among companies…
In today’s fast-moving world, highly skilled professionals are constantly looking for more attractive opportunities that will move their careers forward and, as a consequence, companies struggle to retain employees in the long term. Staying in one job for one’s entire life is no longer the primary objective and changing jobs every three to five years is encouraged by every career counselor. According to consulting firm Hay Group, the average employee turnover rate in North America, across all industries, is expected to reach 23% by this year.
What does this mean in the context of data security? In a survey conducted by Biscom, 1 in 4 respondents said they take data with them when they leave a company, 85% of them feeling it is not wrong to take with them materials they themselves helped create. Many of those surveyed admitted that appropriating company data was possible due to companies’…
Last week, Intel made headlines when it was reported by the Register that a security flaw in its processors forced Windows and Linux programmers to redesign their kernels. The news sent Intel stock plummeting and the cybersecurity community into a panic as further details of the extent of the vulnerability were revealed.
Since the initial news broke, several independent teams of academic and industry security researchers from around the world, among them Google’s Zero Project, confirmed they have identified three possible attacks that could exploit processors’ design security flaws. These were dubbed Spectre (variant 1 and 2) and Meltdown (variant 3).
Google had identified and informed affected companies about the possibility of Spectre attacks as early as June 2017 and Meltdown towards the end of July 2017, but chose not to make the information public to allow companies…
The beginning of the New Year is a time when many companies consider the most pressing issues they have to solve in the upcoming year. With 2017 turning out to be one of the most taxing years for data security in memory, 2018 will be the year when companies will have to fight back by building up better defenses against breaches and leaks. Whether out of their own concern or obligated by new legislation, businesses’ New Year resolutions should feature data protection at their core.
Here are our top picks for what companies should be focusing on when it comes to data loss prevention in the New Year:
1. Become GDPR compliant
This point should come as no surprise to any business dealing with customers located in Europe. The EU’s General Data Protection Regulation (GDPR) will come into full force on 25 May 2018 and companies that will not align their policies to the new legislation’s strict regulations…
With 2017 coming to an end, the clock is ticking closer to the implementation of the EU’s new General Data Protection Regulation (GDPR) on May 25th 2018. While interest in issues of compliance surrounding the dreaded new legislation has soared in recent months, a great number of companies have yet to take concrete measures to ensure their businesses are up to the new standards before the deadline.
So what does it take to start your journey to compliance? Here is a short compliance check to get you started!
Whether your company is located within the European Union or outside it, you are required to comply with all requirements of the GDPR if any of your customers are EU data subjects. You must also bear in mind that the GDPR restricts cross-border data transfer outside the EU. For free data flow to occur cross-border, a third country must be deemed to have an adequate level of data protection …
With the holiday season around the corner, many employees are taking extended holidays, some choosing to work remotely to enjoy longer stays with their families. This adds an extra layer of peril to data security as work laptops and devices head out of the safety of company networks and into the busy and oftentimes dangerous world of international travel and public internet.
Some of the most common cases of data loss occur when employees are on the move, with devices forgotten or stolen from public places. Trust in insecure networks can also lead to potential breaches and sensitive company data winding up in the wrong hands.
As remote work becomes a staple of the modern work environment, it is, however, up to the company to step up, both ensuring that its employees understand how to keep their data safe while working remotely and taking measures to prevent incidents from occurring.
2017 has been a year of turmoil for information security with major breaches making headlines on a daily basis and cyberattacks being successfully deployed on an unprecedented scale. Ransomware went mainstream, corporations and government agencies failed to protect their data and the looming shadow of the EU’s General Data Protection Regulation (GDPR) sent companies into a scramble for compliance.
No company seemed safe from data leaks with big names such as Deloitte, Verizon and Uber falling victim to complex cyberattacks. The Equifax data breach, estimated to have affected over 143 million users in the US, brought the year to a grim conclusion for data security.
With December on the horizon, companies are breathing a sigh of relief to see this year of relentless breaches come to an end. But will 2018 be any different? Let’s have a look at the top trends going into the new year:…
Nowadays, it seems not a day goes by without another high-profile data breach being announced. From Equifax and Uber to Forever 21, no company, no matter how big, seems safe from sensitive information leaks. The consequences for these breaches range from loss of profit and customer confidence to more serious charges of noncompliance with data protection regulations and hefty fines.
Data Loss Prevention (DLP) technologies were developed to tackle this increasing threat to the security of companies’ most sensitive information. Since their emergence, they have become an indispensable part of IT departments’ security framework, protecting against both insider and outsider threats and helping to maintain compliance with increasingly complex data protection regulations.
While Data Loss Prevention has become a household name in the world of information security and more…
In January 2017, a new ePrivacy Regulation meant to repeal Directive 2002/58/EC was proposed by the European Commission and published on its website. Concerning the respect for private life and the protection of personal data in electronic communications, the regulation is part of the Digital Single Market strategy and is meant to bring the ePrivacy Regulation in line with the General Data Protection Regulation (GDPR) coming into force in May 2018.
Directive 2002/58/EC previously covered the area of personal data processing and the protection of privacy in the electronic communications sector, but with the GDPR bringing requirements up to present-day standards, the ePrivacy Directive needed to receive a similar upgrade that would help complement the GDPR, in the same way it was previously aligned to the Directive 95/46/EC. The two regulations are tightly interconnected with…
As we draw nearer to the end of the year and enter the last stretch to the GDPR compliance deadline, the UK has recently announced that its own bill on data protection has entered Parliament for assessment. With two data protection regulations on the table though, which one are UK companies supposed to follow? Can they escape the scourge of the GDPR or will more requirements be added to their already full plate? Let’s take a closer look!
What is the UK Data Protection Bill?
The first draft of the UK Data Protection Bill was made public on 14 September 2017, after it passed its second reading in the House of Lords. Its aim is to modernize data protection laws in the UK for the 21st century, give people more control over their data, and provide them with new rights to move or delete personal data. It will be replacing the now outdated Data Protection Act 1998.
Its stipulations align themselves to the EU’s…