CYBERSECURITY AND PRIVACY WITH FREDERIKE KALTHEUNER: GDPR, A NEW ERA?


GDPR, a new era?

Frederike Kaltheuner, Data Exploitation programme lead at Privacy International, talks about Gdpr, the GAFA multinationals, compliance, fines, extraterritorial scope and digital rights.

Peter Rodberg

As emerging technologies such as artificial intelligence and the IoT take root, governments and businesses may be forced to explore comprehensive new measures to address consumers’ data and privacy rights.

Ellinor Kristensen

In response to Fujiko Nakayama

GDPR has transformed consumer data best practice across all sectors. It is also playing an important role in placing the power firmly back where it belongs, in the hands of the consumer.

Increased regulation, such as GDPR, which promotes better handling, collecting, storing and processing personal data is to be welcomed, as is increased awareness of the various cyber threats. However, with so much focus on the ‘big’ issues listed above, organizations are increasingly overlooking some serious security and digital privacy vulnerabilities.

Fujiko Nakayama

GDPR has transformed consumer data best practice across all sectors. It is also playing an important role in placing the power firmly back where it belongs, in the hands of the consumer.

Lalita Demetriou

Cybersecurity is moving away from the traditional centralized view to a decentralized approach whereby security happens as close as possible to the endpoint. This is not just about IoT security but about cybersecurity overall as the security perimeter is ubiquitous: protection (security and privacy by design, the latter one of the principles of the GDPR) happens everywhere with the endpoint being key (the mobile user, for example). It explains the success of cloud-based security.

Patrick Oswald

GDPR is a great new practice for protecting people's data and I see the merits from its usage. I think it is the turning point for our online privacy!

Zephyr Brassington

According to Forbes, the global cybersecurity market is expected to reach 170 billion by 2020. This rapid market growth is being fueled by an array of technology trends, including the onslaught of initiatives with ever-evolving security requirements, like “bring your own device” (BYOD) and the internet of things (IoT); the rapid adoption of cloud-based applications and workloads, extending security needs beyond the traditional data center; and stringent data protection mandates.

GDPR is one of those mandates.

Borislav Bossakov

The ratification of the General Data Protection Regulations has affected the biggest shift in cultural awareness of our personal identity in modern history.  As our defenses against identity theft and fraud evolve and grow, hackers are becoming smarter and using the very same technology against us, most noteworthy being the likes of ransomware, cryptolocker etc.

boban mitreski

In response to Цветан Иванов

Hi all,

I know what GDPR stands for, but I was wondering if someone could answer a few questions that I have:

  • Is GDPR retrospective?
  • Will GDPR affect UK after Brexit?
  • What core business areas will be affected by GDPR?
  • What if I don’t follow GDPR? What are the penalties?
  • Will the fines really be enforced? How?
  • Who does GDPR apply to?
  • Does GDPR apply only to EU-based companies?

It looks like I have the honor of tackling the final three questions (the top three on your list):

Regardless of Brexit, organisations based in the UK that will be handling data related to EU citizens will still be affected by GDPR. What’s more, the UK's Data Protection Bill and the GDPR go hand in hand as this new Bill will implement the GDPR and may even impose higher standards so even if the UK is not in the EU anymore, it will have similar or greater obligations as the GDPR.

GDPR will affect any areas of a business that handle personal data, for example HR, sales, marketing, membership/customer services, IT, finance or legal. There is no distinction or exception between public and private either. Every organisation which has personal data is within the scope. And, let’s not forget that the personal data of employees is also affected by GDPR and will need to be acquired, stored, managed and to the same standards as any ‘natural person’.

GDPR isn’t retrospective as the EU adopted a 2-year long transition period which was intended to allow organisations to prepare for the Regulation.

George Waters

In response to Цветан Иванов

Hi all,

I know what GDPR stands for, but I was wondering if someone could answer a few questions that I have:

  • Is GDPR retrospective?
  • Will GDPR affect UK after Brexit?
  • What core business areas will be affected by GDPR?
  • What if I don’t follow GDPR? What are the penalties?
  • Will the fines really be enforced? How?
  • Who does GDPR apply to?
  • Does GDPR apply only to EU-based companies?

I will respond to the two questions about the penalties and the fines.

When GDPR is enforced, organisations that breach the regulations may be fined either between 2% to 4% of their annual global turnover or up €20 million, whichever is higher. Frequent breaches of the regulations and failure to address the issue can even result in higher fines of up to €40 million. 

We won’t know until the GDPR actually comes into force. It will be up to the national data protection authorities in each jurisdiction to enforce the new rules. It is important to be mindful of the fact that organisations can be sued privately as well, which means that non-compliance can be costly, even if a company doesn’t get fined by their Relevant Data Protection Authority.

Alex Tetradze

In response to Цветан Иванов

Hi all,

I know what GDPR stands for, but I was wondering if someone could answer a few questions that I have:

  • Is GDPR retrospective?
  • Will GDPR affect UK after Brexit?
  • What core business areas will be affected by GDPR?
  • What if I don’t follow GDPR? What are the penalties?
  • Will the fines really be enforced? How?
  • Who does GDPR apply to?
  • Does GDPR apply only to EU-based companies?

I will do the last two on your list.

The GDPR applies to data controllers and data processors - in other words to every organisation that processes, stores, or transmits personal data of EU residents.
What’s the difference between data processor and data controller?  The main difference between the two is that controller decides how and for what purpose personal data is processed while the processor acts on the controller’s behalf but both have obligations under GDPR. 

The GDPR applies to processing of personal data of EU citizens. This means that it not only applies to EU based organisations, but that it also applies to organisations that are based outside of the EU that offer goods or services to EU citizens or any organisation that processes the data of EU citizens. In other words, the vast majority of organisations.

Цветан Иванов

Hi all,

I know what GDPR stands for, but I was wondering if someone could answer a few questions that I have:

  • Is GDPR retrospective?
  • Will GDPR affect UK after Brexit?
  • What core business areas will be affected by GDPR?
  • What if I don’t follow GDPR? What are the penalties?
  • Will the fines really be enforced? How?
  • Who does GDPR apply to?
  • Does GDPR apply only to EU-based companies?
Lucas Jessen

In response to Marlies Arend

Hi. Can you tell me how significant is target advertising and is it used by political organizations too? Thanks.

Pretty much everything on the internet is target advertising, there is no point of me showing you an ad that has no relevance to you. Even when you are on YouTube, each time you click on a video the information is collected and based on algorithms the suggested videos on the landing page are impacted. The same goes for facebook, they even detect where you might have clicked at, meaning if you just hover on an ad or a post depending on the pattern of your movement the algorithm detects if you are interested or it's just a coincidence and acts on it.

As far as if politicians use the target advertising information collected by the giants in the web industry, read this and you will answer for youself.

daniel araujo

I have always wondered how they define what is considered 'personal data'.  It turns out the concept of ‘personal data’ is very broadly defined. In general, it means any type of information that relates to an identified or identifiable ‘natural person’ that allows the ‘natural person’ to be easily identified based on the data such as their IP address, ID number or their physical/physiological/genetic/mental/economic/cultural features or attributes.

George Waters

In response to Marlies Arend

Hi. Can you tell me how significant is target advertising and is it used by political organizations too? Thanks.

Forward-thinking organizations saw GDPR compliance as an opportunity to return to the drawing board and, in some cases, revisit their approach toward enterprise risk management.

Анета Владимирова

There is no doubt that GDPR has forced a much-needed debate about data use. Europe’s bureaucrats have achieved the seemingly impossible task of turning data regulation into a hot topic. 
 

Fabricio Ruiz

In response to PSJunkie

From what I understand GDPR deals with regulation of technology.  I know it is already in force in Europe, however, I cannot help but wonder whether, China and the US have something similar...

China’s cybersecurity law (which took effect in June) laid out broad principles, but left key issues related to implementation and scope unresolved. The idea was that follow-on measures and standards would fill in the gaps once stakeholders sorted out their differences. The cybersecurity law is made up of six systems which together form a framework governing information and communication technology (ICT) in China. This standard belongs under the fourth system, called “personal information and important data protection system.”

Renee Benton

You dont have to be expert in a field of technology to assume that your data is being given to multiple third party consumers without your permission. The problem lays in the fact that nobody really cares, if that doesnt harm them in any case. Advertisment targeting might be strong, but I think it is just the beginning.

Dorothea Petrescu

Marlies, here is an article that discusses target advertising and its use in political campaigns.  As it turns out, ad targeting is a pretty powerful tool.

Thomas Pfeiffer

As a europe citizen, I didn't notice a big improvement in any way. The facts that You lay out are correct and on point. GRPR also give us more freedom in the cyber space, but some people use this as an excuse to start a conflict.

PSJunkie

From what I understand GDPR deals with regulation of technology.  I know it is already in force in Europe, however, I cannot help but wonder whether, China and the US have something similar...

Slobodan Pavlicic

I have noticed recently that a lot of web sites have started asking for my permission to use cookies.  Does anyone know whether that may be related to GDPR in some way?

Rosanne Ostberg

Someone recently asked me what the penalties were for non-compliant companies that disregard GDPR.  In researching the topic I came across a couple of web sites that discuss those penalties: link 1, link 2, link 3.

Marlies Arend

Hi. Can you tell me how significant is target advertising and is it used by political organizations too? Thanks.

jet91

GDPR is perfect for China but not so much for Europe.


 


It is a law that is add work to the developers, without any real benefit to anyone. No one really read the 25 pages of term and conditions. It would be much more easier to warn everyone with messages like "what you do here is tracked... think about it before doing something". 


Internet is like a "video surveilled area", there is nothing to read or approve when you see a camera filming you... you know you are filmed, thats' it.

Please login or register to leave a response.