The European Union General Data Protection Regulation, known as GDPR, brought significant changes to data privacy around the globe. These changes originated in Europe; however, their introduction and implementation had an impact that is still sending ripples of change to every country that has business ties with any member of the European Union. GDPR went into effect on May 25th, 2018, and it brought 99 articles that define a new way of corporate responsibility and liability when handling personal and sensitive information of European citizens.

This regulation was carefully crafted to improve the framework that governs how personal and sensitive information of individuals is handled, raising the bar of information security and privacy principles for the rest of the world. GDPR affects every country handling any type of personal or sensitive information that can potentially be used to identify a European citizen. 

The principles of GDPR bring security and accountability, ensuring that the entities handling the personal or sensitive information of private citizens both abide by a good code of ethics and understand their ethical responsibility as a business when handling sensitive and personally identifiable information. GDPR empowers individuals to get involved, question, and manage how their personal data is being processed, stored, and erased once it is no longer needed or the terms of data storage have expired.

GDPR also brings fines that can cripple businesses and organizations infringing on its regulations. The maximum fine under GDPR law can go as high as 4% of annual global revenue or €20 million, whichever is higher. Of course, not all cases will lead to such an unfortunate outcome. The most important thing to do is to stay informed and make sure you notify the authorities within 72 hours of becoming aware of a data breach.

Lastly, remember that as overwhelming as GDPR and privacy laws can be, you can rest assured that if you contact Silent Storm Security, we can work together to develop a strategy to protect your business operations. info@silentstormesecurity.com

Author: Ron A Abarca

Silent Storm Security | Founding Partner BSISM, CISA, CDPSE