The European Union's General Data Protection Regulation, or "GDPR," is a law based entirely on data protection and user privacy from corporate enterprises. With a lot of data and information being stored on the Internet of Things (IoT) and then used for advertising and marketing, keeping more information safe seems like an idea most people can get behind.
However, while the sentiment of the GDPR is fair enough, a lot of companies have struggled to keep up with regulatory guidelines regarding security. Some companies fall out of compliance only to find themselves unprotected later on. GDPR compliance doesn't have to be difficult to achieve, though, no matter how large the business is.
Toward a GDPR-Compliant Network
Since going into effect in 2018, GDPR has applied to 97 percent of firms. However, only 59 percent of businesses said they're meeting GDPR standards today, with another 29 percent saying they hope to be within regulations inside of a year. Getting under compliance for GDPR is how security is achieved in the first place, which is why some companies find the standards so difficult to implement, especially quickly.
Companies that are compliant with GDPR face a lower risk of being breached, with a 74 percent chance compared to those not in compliant who have an 89 percent chance. When a breach does occur, as no security is ever truly perfect, fewer records will be stollen and downtime is often shorter. Those without compliance have, on average, 212,000 records impacted, while those under GDPR only have about 79,000.
Breaches and Fines
Between May 2018 and January 2019, there were over 59,000 data breaches across Europe — at the same time GDPR was going into effect. Netherlands, Germany and the United Kingdom were the countries with the most breaches. Under the GDPR, all of these companies were required to report the situation to clients within 72 hours of discovering the breach.
Out of those 59,000 breaches, only 91 breaches resulted in fines for violations of GDPR rules and standards. The fine for violating these rules is either 4 percent of global revenue or 20 million euros, depending on which figure is higher. Before the GDPR implementation was complete, fines were only a few hundred thousand euros.
Despite the difficulties with becoming compliant, GDPR is worth the harsh regulations. Simply remaining aware of challenges surrounding data privacy and forcing companies to be on guard is enough to defend against some breaches. There has also been a lot of improvement in privacy and data protection systems thanks to GDPR. The strict rules that make compliance so difficult are exactly what make the regulations work.
Of the 97 percent of firms subjected to GDPR, 42 percent found greater innovation from having the correct controls at their disposal and 41 percent discovered better operational efficiency from better organization. GDPR has been a plus in the public eye, too, as 41 percent said they gained a competitive advantage and 36 percent claimed gains on appeals to investors.
Better Data Security
The business world is becoming controlled by data, since this is the best way to know trends before they can happen. Consumers' desires through the market are exemplified through data, so businesses dig through what they can to get a competitive edge. None of this private information is "necessarily" at risk, but all of it does present a tempting target to unscrupulous third parties — especially when users aren't engaging with websites with full knowledge about which types of information may be transmitted.
GDPR is built to protect the consumer, so achieving compliance is bound to get you seen in a better light while also being more secure all around.
Kayla Matthews tech journalist & writer