DRJ Fall 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 32, Issue 2

Full Contents Now Available!

Tuesday, 11 June 2019 14:50

One Year In, How Has GDPR Improved Data Privacy?

The General Data Protection Regulation (GDPR) has been in effect for more than a year now, and it has already yielded significant returns, but there are still key issues that need work. Fortinet’s Jonathan Nguyen-Duy discusses.

Abuse of individuals’ personal data has led to an outcry for stronger data privacy laws. Action toward such laws has tended to apply to one industry at a time – health care, financial services and so on. In the absence of a federal mandate in the U.S., states have created their own privacy regulations, such as the California Consumer Privacy Act. Many such specific regulations can engender a “check the box” approach to data security and privacy, which fails to provide true protection, because it falls short of doing everything possible and settles for “good enough.”

For example, the EU’s 1995 Data Protection Directive (which was replaced by the General Data Protection Regulation “GDPR”) allowed individual member nations to write and pass their own breach notification laws. Not only did these laws sometimes tend to be incomplete, but the enforcement and requirements were inconsistent across the EU. Multinational companies were especially challenged, because data gathered in a specific country had to be managed differently than data collected in a neighboring one.

Taking effect last May, GDPR streamlined these various regulations into one comprehensive mandate. The regulation requires organizations to report data breaches to affected individuals and appropriate regulatory authorities within 72 hours of being discovered. Even better, it also established a common and broader definition of personal data, including things like IP addresses, biometric data, mobile device identifiers and other types of data that could potentially be used to identify an individual, determine their location or track their activities.