
Guess what? GDPR enforcement is on fire!

February 4, 2020
in Internet Security

You read that right: GDPR enforcement is on fire! While fines are not always particularly high, our analysis shows that, in terms of volume, data protection authorities (DPAs) are rapidly increasing their GDPR enforcement activities. Some interesting trends are also emerging:

  • DPAs have levied 190 fines and penalties to date. With 43 enforcement decisions made so far, Spain leads the pack as Europe’s most active regulator, followed by Romania (21) and Germany (18). The UK has imposed the highest total amount of fines — more than €315 million — if both British Airways’ and Marriott’s fines are upheld after appeal. Following are France’s Commission Nationale de l’Informatique et des Libertés, with just over €51 million in fines, and Germany’s DPA, at nearly €25 million.
  • Failures of data governance — not security — trigger the most fines and penalties. DPAs have primarily acted against the infringement of Article 5 (principles of processing of personal data) and Article 6 (lawfulness of processing). These rules contain key data governance principles, such as data accuracy and quality, and fairness of processing, when firms collect and process the minimum amount of data necessary for a specific, clearly defined purpose. Firms struggle greatly to meet the requirements around consent and other available legal bases.
  • Breaches get the enforcement ball rolling but are just a starting point. Many security and risk (S&R) and privacy pros expected security infringements and missed breach notifications to be the main triggers of GDPR enforcement. DPAs have undertaken about 50 actions for infringement of Article 32 (security requirements) and a few more related to failure to report breaches. These cases show that an actual security incident is just the starting point for determining fines. Investigations that followed some of the biggest breaches of the post-GDPR era focused not only on the specific conditions of the breach but also highlighted “poor security arrangements.” Adequate authentication procedures — or the lack thereof — have been DPAs’ focus since the first enforcement action in 2018.
  • Compromised data from a single customer can be expensive. DPAs evaluate the impact of a breach, not just its volume. For example, Spain’s data protection regulator fined two telco providers, each of which had an issue with a single customer. One telco erroneously disclosed credentials of a third party to a customer, allowing the customer to gain access to sensitive third-party data. This single event cost the provider €60,000. The DPA fined another telco provider almost €40,000 for processing the data of a single customer without their consent. A hospital in Germany was also fined €105,000 for GDPR violations associated with the misuse of data of a single patient.
  • Failure to respect individuals’ rights will lead to the next wave of fines and penalties. Forrester expects the next enforcement wave to come from failing to address individuals’ privacy rights. Most current enforcement actions refer to data access requests and data deletion. For example, a German property company that — among other issues — archived customer data in a way that didn’t allow for data deletion was fined €14.5 million. Enforcement to date has primarily come from customer requests, but enforcement actions from employee requests are also increasing. Bulgaria’s Commission for Personal Data Protection fined an employer for a delayed and incomplete response to an employee’s access request.
  • Third-party risk management is the next big thing in the privacy arena. Third-party risk management is nothing new to S&R and privacy pros, but they’re only now starting to see how third parties affect their privacy program. Third parties that don’t follow the same privacy policies you do can destroy not only your privacy program but also your brand, your customers’ trust, and your partner ecosystem. From vendors to subcontractors to data suppliers to the partners you share data with, it’s evident that third-party risk has far-reaching implications for privacy. Current due diligence practices are not going to cut it. Don’t be caught off guard. Instead, look for ways to blend technology, cross-functional knowledge and data, and external insights with your S&R peers to automate third-party management for privacy.

This post was written by Senior Analyst Enza Iannopollo, and it originally appeared here. 

Credit: Zdnet
