![GDPR Impact One Year On](https://privacy.blackfog.com/wp-content/uploads/2019/06/GDPR_ImpactOneYearOn.png)
The one-year anniversary of the implementation of GDPR, one of the most important changes to data privacy regulations in the last 20 years, has just passed. What has been the GDPR impact one year on? With potential fines of up to €20 million or 4% of annual turnover, its impact is undoubtedly wide-reaching. But since its implementation, what changes – if any – have businesses made to ensure the data they hold remains secure? And what can they do to ensure they don’t fall foul of this legislation?
Since GDPR was enacted there have been more than 59,000 GDPR notifications across the EU. Looking more widely, one of the most high-profile data breaches to date has been Equifax's 2017 global data breach, which affected 15 million consumers in the UK and 147 million in the US. The company was fined £500,000 as a result, but actually got off rather lightly, given the penalty would have been significantly higher had it occurred a year later, once GDPR was in force. Google, on the other hand, was not so lucky when it was fined €50 million in January for violating EU data privacy rules.
Enacting changes
Given the scale and impact of a GDPR data breach, it is no surprise that businesses around the globe have been relatively quick in adapting to the new rules as best they can. This can be readily seen in the number of websites which now require acknowledgements from users for data collection purposes. Many businesses have also transitioned to encrypted databases and audited their password storage practices in order to protect private information even more securely.
Unfortunately, despite this, many basic principles of data security are still not being followed, as can be seen from the frequent reports of company databases being exposed by hackers. One recent high-profile example is the news that Facebook was storing millions of passwords in plain text. Although businesses have taken some steps towards ensuring that the personal data they store remains secure, it’s clear that many still have a long way to go.
New risks
The new risks that companies are exposed to are more sophisticated than ever. It’s not just the ‘good guys’ who have access to sophisticated technologies such as machine learning and AI – bad actors can use them too. Witness, for example, new malware that can easily bypass existing AV solutions and firewalls with adaptive signatures and fileless attacks. Attackers are even using steganography (embedded code and URLs within images) to infect devices, which is even harder to detect.
Companies can no longer rely on outdated techniques for developing applications, such as storing passwords in plain text, or even rudimentary encryption such as MD5. Instead, they need to design security into their systems from the outset, using the latest security practices and deploying multiple layers of protection, such as database encryption and two-factor authentication.
The future of data protection
It’s becoming increasingly difficult to keep up with cybercriminals’ latest techniques, and the days of relying on a firewall or simple anti-virus software are over. The original AV solutions were designed when there were only a few dozen viruses in existence. Today, more than 2 million pieces of malware are released every day. The availability of automated bots and cheap computing resources has facilitated this exponential growth. Organisations must deploy new technologies which focus on detecting unusual behaviour to identify these new types of malware and provide an additional layer of protection against these modern threats. A preventative multi-layered defence system is needed to defend against the multitude of threats which businesses now face.
In addition, techniques such as outbound, on-device data protection provide a unique approach to protecting devices. It’s inevitable that cybercriminals are going to get in and access your data – the key is to stop them from getting out. Technology now exists to prevent unwanted data collection and identity profiling by increasingly sophisticated hackers. By eliminating the unauthorised exfiltration of data from personal and corporate devices you will significantly reduce the risk of a GDPR data breach.