What GDPR Means for Cybersecurity


Arguably, had a regulation such as GDPR existed, Facebook would have had a much clearer obligation to flag the original data breach back in 2015 and millions of users' data would have been better protected. It is vital that wealth management companies establish a sound application framework that will not only model and bend to meet GDPR's requirements, but which will also act as a single reporting platform to help them meet any regulatory need in the future, be it MiFID II, amendments to the Dodd-Frank Act or a new regulation we do not yet know about.

GDPR, or the "Y2K" of our era, is part of a larger conversation that's been catalyzed by a lot of the recent news around regulation in general.

The newly established European Data Protection Board will encourage the drawing up of codes of conduct that specify the new data-protection standards in order to ensure the proper application of the Regulation.

"Under the new laws, requests from individuals to exercise their rights over their personal data must be answered within one month".

GDPR applies not only to European companies, but to companies anywhere that process data about individuals in the context of selling goods or services to citizens anywhere in the EU. The GDPR will apply to businesses which have any establishment within the EU.



For organizations in The Bahamas that conduct business with European Union clients or customers involving any exchange of goods or services, or that monitor the behavior of persons based in the European Union, the responsibility for compliance ultimately rests with the organization gathering the information. Failure to comply may trigger the hefty GDPR penalties.

The GDPR makes data protection everybody's job. The company stressed that the move is "to design for privacy in our business practices", rather than rely on the move as a shortcut to GDPR compliance.

"It's imperative that companies in this sector are able to demonstrate that they are managing and protecting personal data in a compliant way, and are able to respond to requests from individuals quickly and with a high degree of accuracy", Tamzin Evershed, senior director and global privacy lead at Veritas, told Insurance Business. Or alternatively, they could automate numerous steps required, saving considerable time and effort. In fact, it is estimated that of the companies that will be subject to GDPR, as many as half will not be ready for the compliance deadline - but it is not too late to begin preparing. The GDPR concerns nearly every legal subject except for, inter alia, natural persons in the course of purely personal or household activities and public authorities dealing with criminal cases as well as issues of public security.

Individuals can also object to being solicited through direct marketing based on information collected and have the right to move data collected to another entity. What is that data used for?

Barristers have warned that "clumsily drafted" data protection laws due to go live this month could hand "big brother powers" to data watchdog the Information Commissioner's Office (ICO) by granting it access to privileged material without client consent.
