No one questions the good intent behind the EU's General Data Protection Regulation (GDPR).
There's no doubt that seeking to be fully GDPR compliant is more than just a good idea. Along the way, just make sure your organization doesn't fall victim to one of the various scams that are surfacing around it. Let's quickly review what GDPR requires and then dive into the dirty tricks scammers have been playing.
Understanding the Basics of GDPR
The GDPR, adopted in 2016 and enforceable since May 25, 2018, is a binding regulation rather than a set of guidelines. It governs how organizations collect, store, and process personal data, meaning information that relates to an identifiable individual. Most of its obligations fall on the entity that decides why and how that data is handled (the "data controller") and on anyone processing the data on its behalf.
That entity may be a bank, an insurance company, an investment service, a health care facility, or any other organization that processes the personal data of people in the EU, regardless of where the organization itself is based. The primary goal is to ensure adequate protections are in place so that an ill-intentioned third party can't exploit the personal information of those organizations' employees, clients, and patients.
The GDPR addresses key areas of data security:
- A lawful basis, such as freely given, specific and informed consent, for collecting and retaining personal data
- Notification of a data breach to the supervisory authority, without undue delay and where feasible within 72 hours, and to the affected individuals when the breach is likely to put them at high risk
- A designated Data Protection Officer for organizations whose processing requires one, such as public authorities and those that monitor individuals at large scale
- Technical safeguards such as encryption and pseudonymisation, so that personal data exposed in a breach remains unintelligible to the attacker
- Individual rights to access their personal data, to have inaccuracies corrected (rectification), and to restrict how the data is used (purpose limitation)
While there has been pushback about some of the provisions within the GDPR (especially the need for dedicated data protection personnel outside the usual IT team), many organizations have been eager to adopt the measures. After all, being GDPR compliant can decrease the risk of a breach, and demonstrable compliance strengthens an organization's position if regulatory action or lawsuits follow one.