On May, 25 2018, new rules concerning the collection, storage and processing of personal information for the European Union came into force. The regulation was The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This is regulation has strengthened data protection for individuals living in each member state of the European Union. See: “Is it time for European businesses to learn to love GDPR?”
The data privacy rules have impacted upon businesses, although the number of cases have been slow, despite Facebook and Google sitting atop of the GDPR complaints list.
Given the number of data privacy concerns facing businesses, Digital Journal spoke with Greg Young, VP for Cybersecurity at Trend Micro. In addition, Trend Micro have analysed many of the issues in a new report headed “Mapping the Future: Dealing with Pervasive and Persistent Threats.”
Digital Journal: To what extent is GDPR being implemented?
Greg Young: Regulators for the General Data Protection Regulation (GDPR) from the European Union (EU) have not immediately exercised their new powers. But very soon they will make an example out of a large, noncompliant company, fining it the full 4 percent of its global annual turnover.
DJ: Are data privacy concerns set to become more prevalent?
Young: The GDPR is a more mature model of privacy compliance. In fact, many organizations had already paid fines under the previous Data Protection Directive for over a decade, so violators will feel the teeth of the regulation sooner than they expect.
We will also see more data breach disclosures overall in 2019 than in the previous year due to the GDPR as there are already reports that some agencies are inundated with new disclosures needing investigation. On the bright side, the disclosures will also give enterprises greater visibility and insight on how threat actors are compromising other organizations.
DJ: What impact will this have on activities like data mining?
Young: This will have the inevitable effect of emphasizing the prevalent difficulty in complying with the finer points of the regulation and will push regulators to clarify or add more details about what security technologies are actually needed. As data mining gets more aggressive buying behavior for consumers will shift more quickly. Anonymity was perceived by some to be only for people up to no good, whereas with aggressive intrusion into our online activities, businesses need to realize that not only does the privacy of the business get compromised, but this rich pool of data about people is a goldmine for attackers to leverage for phishing, including BEC.
DJ: Do companies need new strategies?
Young: Companies will also be forced to rethink the worth of data-mining activities inherent in current advertising models, given the high price tag of a possible violation. In fact, Trend Micro predicts that by 2020, up to 75 percent of new business applications will have to make the hard decision of choosing between compliance and security.
DJ: How do data privacy and data security interact?
Young: While privacy and security are not mutually exclusive, efforts to ensure data privacy compliance will have a detrimental effect on a company’s ability to adequately determine the source and details of a security threat.
In a follow-up interview, Greg Young tells Digital Journal about security issues facing businesses. See: “”Q&A: What’s in store for business technology this year?
