How is the GDPR affecting cyber risk management?

Guest Author asked 2 years ago

1 Answer
Rebecca Kappel (Staff) answered 2 years ago
The General Data Protection Regulation (GDPR) is a European Union set of data privacy laws that went into effect on May 25, 2018. It demands that companies protect personal data and enforce the privacy rights of anyone on EU states’ territory. Sounds simple? It’s not! The GDPR is exhaustive in its breadth and active in its enforcement, meaning that companies need to put in real effort to adhere to the GDPR requirements.

The GDPR applies to any institution that processes the personal data of EU citizens. “Processing” is a phrase that encompasses almost everything you can do with data: data collection, storage, transmission, analysis, and so on. “Personal data” refers to any information about a user, such as a name, email address, IP address, eye color, political affiliation, etc. Even if a company has no direct ties to the EU, it must comply if it processes the personal data of EU citizens (via tracking on its website, for example). The GDPR applies to both for-profit and non-profit businesses.

Since most data is stored online, on the cloud or on network databases, the GDPR and cybersecurity are intertwined by their shared goals and challenges of keeping that data protected. Laxity in information security controls can lead to data breaches and a direct transgression of GDPR laws. GDPR cybersecurity requirements demand that companies implement effective cyber controls to uphold their 7 Data Protection Principles:

Obtaining consent
Timely breach notification
Right to data access
Right to be forgotten
Data portability
Privacy by design
Potential data protection officers

In order to fulfill these, companies must build carefully thought-out information security systems, allowing for appropriate levels of availability, authorized access, safe transfer capabilities, data integrity, as well as the capacity for responsible deletion of data.

Cybersecurity risk management as a whole must expand its scope to cover the requirements and consequences regarding the GDPR.
