How is the GDPR affecting cyber risk management?

How is the GDPR affecting cyber risk management?How is the GDPR affecting cyber risk management?
Guest Author asked 1 year ago

1 Answers
Rebecca Kappel Staff answered 1 year ago
The General Data Protection Regulation (GDPR) is a European Union set of data privacy laws that went into effect on May 25, 2018. It demands that companies protect personal data and enforce the privacy rights of anyone on EU State’s territory. Sounds simple? It’s not! The GDPR is exhaustive in its breadth and active in its enforcement, meaning that companies need to put in real efforts to adhere to the GDPR requirements.

The GDPR applies to any institution that processes the personal data of EU citizens. “Processing” is a phrase that encompasses almost everything you can do with data: data collection, storage, transmission, analysis, and so on. “Personal data” refers to any information about a user, such as a name, email address, IP address, eye color, political affiliation, etc. Even if a company has no direct ties to the EU, it must comply if it processes the personal data of EU citizens (via tracking on its website, for example). The GDPR applies to both for-profit and non-profit businesses.

Since most data is stored online, on the cloud or on network databases, the GDPR and cybersecurity are intertwined by their shared goals and challenges of keeping that data protected. Laxity in information security controls can lead to data breaches and a direct transgression of GDPR laws. GDPR cybersecurity requirements demand that companies implement effective cyber controls to uphold their 7 Data Protection Principles:

Obtaining consent
Timely breach notification
Right to data access
Right to be forgotten
Data portability
Privacy by design
Potential data protection officers

In order to fulfill these, companies must build carefully thought-out information security systems, allowing for appropriate levels of availability, authorized access, safe transfer capabilities, data integrity, as well as the capacity for responsible deletion of data.

Cybersecurity risk management as a whole must expand its scope to cover the requirements and consequences regarding the GDPR.

Related Content

Man-in-the-Middle Attack

Man-in-the-Middle Attack

What is a Man-in-the-Middle Attack? A Man-in-the-Middle (MitM) attack is a cybersecurity threat where an unauthorized…
Digital Rights Management

Digital Rights Management

What Are Digital Rights? Digital Rights refer to the permissions and restrictions associated with using digital…
Content Disarm and Reconstruction

Content Disarm and Reconstruction

What is Content Disarm and Reconstruction? CDR is a cybersecurity technique that disassembles and reconstructs files…
Skip to content