How Will The GDPR Survive In The Jungle of Big Data?
We are living in the age of big data, in a world that now generates 2.5 quintillion bytes of data every day. For the mathematically inclined, that is roughly 2,684,354,270.08 gigabytes, a mind-blowing number for any mere mortal. And to make the situation even more incomprehensible, this number keeps growing exponentially week after week, month after month, year after year. This data explosion has been a dream come true for cybercriminals looking to compromise the security of our online information. The more data that sits behind closed systems, the more enticing an attack becomes for hackers.
Regulators are busy these days trying to rein in the corporate world, especially those companies legally responsible for leaking the sensitive data of their customers. Just look at Alphabet, the parent company of Google, which has recently been asked by the European Union to pay an $11 billion fine for an antitrust violation. As we hurtle towards the future with increasing speed, protecting big data gets harder and harder, and we can no longer depend on the antiquated storage and security systems of the past.
New regulations and expectations around the handling of big data have recently come into sharper focus as the General Data Protection Regulation (GDPR) kicked into effect in May of this year. The regional law establishes a heavy price for EU-member companies that don’t comply with the new standards of data protection. The fine currently stands at €20 million or four percent of the company’s global income, whichever is higher, for every instance of failed compliance. This scale ensures that corporate behemoths like Google and Microsoft, as well as smaller companies, all face the stiffest possible penalties.
Fortunately, companies operating in EU-member states have decided to write a universal “Terms of Service” for their customers, regardless of where they are located. This means the way they will handle data is similarly compliant with GDPR regardless of whether the customer lives in an EU-member state or not. In order to achieve full compliance, companies must invest in a reliable cybersecurity infrastructure that covers the following requirements:
Installing antivirus software is just not enough anymore, as it does not stop many advanced threats. Corporate enterprises that want to do business in EU countries will need to take a more aggressive approach. Spear phishing emails actively try to tempt employees into clicking on malware links and, as a result, revealing their personal information to the phishing website. That data can then be used to mount all sorts of further attacks, including blackmail through ransomware.
Increased security also means logs that record the actions of all users and audit the movements of outsiders on the network. These solutions must allow admins to assess the vulnerabilities within the system and respond to them with patches as soon as possible.
In order to keep data private, hard drive encryption should be established for all company employees. This is especially true for laptop users in a corporate setting, as the data on these portable devices can easily be lost in unencrypted form. Even if someone’s device is stolen, the thief will not be able to break the encryption, which means the information is essentially useless to them. Any business that doesn’t embrace this reality is a business without a future.
Releasing Customer Information
Few people actually read the lengthy Terms and Conditions of a product or service. For the most part, they just click and move on. But for those paying attention, it is clear that companies can only release customer data to a third party if they are legally required to do so. They must be compelled by a court, most likely for investigative purposes.
At the end of the day, the new rules of GDPR have made the computing world more private and secure. If only these same regulations had been in place 10, 15, or even 20 years ago! But as the saying goes—better late than never.