28 Mar 18
The introduction of the EU’s General Data Protection Regulation (GDPR) is less than two months away, on May 25. The regulation will replace all current data protection laws in every European Union country, with a view to strengthening and normalising data protection for individuals across the EU. It will also address the export of personal data outside the EU, and this is where entities operating beyond the Union, like those in the UAE, will be affected.
The GDPR stipulates that if an organisation based outside Europe is processing personal data related to data subjects in the EU, that organisation may be subject to compliance with the regulation. Companies in the UAE – and elsewhere in the world – may be impacted by the GDPR if they offer products to individuals within the EU. As such, international business partners in certain verticals such as financial services are already starting to mandate compliance with GDPR standards through contractual terms, and EU consumer expectations around privacy are higher than ever.
The introduction of the GDPR will bring with it a heightened compliance standard for organisations that handle personal data and heavy sanctions for non-compliance. For example, should an entity outside the EU be defined as a “data controller” given its use of equipment within Europe for the processing of EU citizen personal data (other than purely for transit purposes), then compliance with the regulation would require it to notify the relevant supervisory authority of a personal data security breach within 72 hours of becoming aware of the breach, where feasible. Such entities may also be required to inform the affected individuals where the incident could cause them serious harm.
The GDPR is clearly an attempt to institute guidelines that better fit modern digitised society. Cyber security threats continue to grow at an exponential rate. There are huge increases in malware and vulnerabilities in “things” we already know, and this is now worsened by the expansion of new attack surfaces: Internet of Things, smart-everything, mobile, cloud, autonomous vehicles, etc.
Our collective ability to recognise and respond to these problems as a society, as enterprises/entities, or as individuals has not kept pace with the threat actors and risks. This gap is widening at an increasing rate.
We need to develop machines to take all the data we are generating, to learn from it, and to think faster than we can to anticipate and resolve cyber problems on our behalf – Machine Learning and Artificial Intelligence, supported by constructive regulation, are the keys.
Eddie Schwartz is Executive Vice-President of Cyber Services at DarkMatter. He may be contacted on Twitter @EddieSchwartz