
The Year with GDPR and CLOUD Act

Mar 11, 2019

Introduction

2018 was really the year of data privacy and protection. I mean, who didn’t get about 10,000 GDPR emails? We saw companies all over Europe and the world scramble to meet the requirements of the data protection regulation. The year has really highlighted the importance of security and integrity.

In this blog post we will go through some of the important events of the year in terms of data protection and information security, and also summarize some industry predictions for 2019.

GDPR – Power to the People

The General Data Protection Regulation (GDPR) made a lot of companies shake in their corporate boots. The regulation specifies how personal data belonging to EU/EEA citizens can be processed and puts the power back in the hands of the people.

GDPR forced organizations to completely review their routines and processes to ensure safe processing of personal data, which should actually be seen as something positive.

Early Enforcement and Adoption

We have now lived in the GDPR era for more than six months, and while some European authorities have started handing out sanctions, others have been more cautious.

Sweden, for example, has taken a more conservative approach. Datainspektionen released its first report in October, evaluating 400 organizations to see if they had appointed a Data Protection Officer (DPO). In Germany, a first sanction was issued to a chat platform company.

Increased Focus on Data Protection

GDPR reinforces the belief that sensitive data should be protected, and that personal data is an important asset for both companies and individuals. This has increased focus on technical solutions and security mechanisms that improve protection of sensitive data. Making privacy part of the technology itself is something that will continue to grow.

Consumers increasingly demand constant privacy. Companies should look into solutions such as hardware security modules (HSMs) for encryption and log management for traceability.

The Other Side of the Privacy Coin – The CLOUD Act

Another law that made headlines in 2018 was the CLOUD Act. In contrast to GDPR, which empowers individuals, the CLOUD Act has made many European companies cautious when choosing American cloud providers.

What the CLOUD Act Means

The CLOUD Act is an American law with global impact. It was designed to modernize surveillance and privacy laws to reflect the global nature of the internet.

In practice, this means that American cloud service providers must give U.S. authorities access to data, regardless of where the data is stored or where the individual resides. This could include data belonging to EU citizens.

Conflict with GDPR

The CLOUD Act is controversial because its principles can conflict with GDPR. Together, they highlight fundamentally different views on privacy and data protection between regions.

Industry Impact and Predictions

Some predictions for 2019 suggested that the U.S. would continue to lag behind Europe in terms of privacy. This could potentially lead companies to choose non-American providers, favoring regions where privacy and data integrity are prioritized.

Cyber Security in the Board Room

Cyber security remains a constant priority within IT. Companies must continuously evolve to stay ahead of increasingly sophisticated hackers.

Future of Cyber Defense

Industry experts agree that cyber threats will become more advanced, and that technologies like machine learning and AI will play a larger role in cyber defense.

Strategic Importance of Security

With data protection becoming a key business issue, cyber security is now gaining more attention at executive and board levels.

Elevating security within organizations helps them stay ahead of threats. It also strengthens their brand, as being recognized as a secure company can attract new customers.