Abion Blog: How the GDPR sanctions are the best thing that has happened to cybersecurity

Data and the GDPR
Today, data has become one of the most valuable resources for businesses.

Because of this, incentives to process, cross-reference and publish data are ever increasing.

This obviously affects the privacy of the individual.

The natural next step, therefore, is regulation: enter the GDPR. No one can have missed the discussion about the strain this will put on firms in terms of implementation and compliance.

The GDPR puts new requirements on how firms process personal data as a whole.

However, there may be a positive aspect to this!

Ultimately, the aim of the GDPR is to create safe management and clear ownership of personal data. The hope is that this will lead to a more prosperous and safer internet, for private individuals as well as legal entities.

The two essential roles in the GDPR
There are two roles that are essential when discussing the management of personal data:

  • Data controllers
    The controller determines the purposes and means of the processing. In practice, most firms will be data controllers in some regard, since they decide why and how the personal data they hold is processed.
  • Data processors
    Plenty of service firms (e.g. payroll companies, corporate travel agents and marketing agencies) will be data processors, processing personal data on behalf of other companies. At the same time, they are data controllers for the data they manage for their own business, such as their own employee and customer records.

How can the GDPR be a driver in the evolution towards a safer internet?
Sanctions are one of the key drivers in the GDPR, and sanctions are what is going to drive the progress. The administrative fines are set out in Article 83 of the GDPR and apply to both data controllers and data processors.

Two tiers of fines apply. Some infringements can lead to fines of up to €10 million or 2% of total worldwide annual turnover for the preceding financial year, whichever is higher, while others can trigger fines of up to €20 million or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher.

Let us repeat that, shall we? Fines of up to €20 million or 4% of global annual turnover, whichever is higher!

So, how does this affect the way companies manage data?
Article 5 of the GDPR sets out the basic principles relating to the processing of personal data. According to the article, personal data should, among other things, be "processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures" (the integrity and confidentiality principle).

Article 25 states that “… the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects”.

It further states that "the controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed". In other words, data minimisation is the default, and collecting or retaining more than the purpose needs must be a deliberate, justified decision.
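Article 25 names two concrete techniques, pseudonymisation and data minimisation by default. As an added illustration (not code from the original post or from Abion), the following Python shows both applied to a constructed customer export: records are stripped down to the fields a hypothetical analytics purpose needs, and the e-mail address is replaced by a keyed pseudonym (HMAC-SHA256), so that the key is the "additional information" that must be held separately. It also demonstrates the caveat a practitioner should know: an unkeyed hash of an e-mail address is not a pseudonym in any meaningful sense, because anyone with a list of candidate addresses can recompute it. The sample records, field set and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

# Constructed sample records (fictional people) used only to exercise the code.
SAMPLE_RECORDS = [
    {"email": "Anna.Example@example.org", "country": "SE", "plan": "pro",
     "phone": "+46700000000", "notes": "called about invoice"},
    {"email": "bo@example.org", "country": "NO", "plan": "free",
     "phone": "+4790000000", "notes": "no-show at demo"},
]

# Fields that a hypothetical "usage analytics" purpose actually needs.
# Everything else is dropped by default (data minimisation, Art. 25(2)).
ANALYTICS_FIELDS = {"country", "plan"}


def normalise(identifier: str) -> bytes:
    """Canonical form so the same person always maps to the same pseudonym."""
    return identifier.strip().lower().encode("utf-8")


def pseudonymise(identifier: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 over the normalised identifier.

    The key is the 'additional information' that has to be kept separately
    (for instance in a KMS or HSM, not next to the data set). Without it a
    pseudonym can neither be linked back to the person nor recomputed from
    a guessed identifier.
    """
    return hmac.new(key, normalise(identifier), hashlib.sha256).hexdigest()


def unkeyed_hash(identifier: str) -> str:
    """The weak alternative: plain SHA-256 with no secret. Shown for contrast."""
    return hashlib.sha256(normalise(identifier)).hexdigest()


def minimise(record: dict, allowed: set) -> dict:
    """Keep only the fields the stated purpose needs."""
    return {k: v for k, v in record.items() if k in allowed}


def prepare_for_analytics(records: Iterable[dict], key: bytes,
                          id_field: str = "email") -> list:
    """Minimise each record and replace the direct identifier with a pseudonym."""
    out = []
    for rec in records:
        kept = minimise(rec, ANALYTICS_FIELDS)
        kept["subject_id"] = pseudonymise(rec[id_field], key)
        out.append(kept)
    return out


def recover_unkeyed(digest_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Enumeration attack against an unkeyed hash of a low-entropy identifier.

    Returns the candidate whose SHA-256 matches, or None. Against a keyed
    pseudonym this always returns None, because the attacker lacks the key.
    """
    for cand in candidates:
        if unkeyed_hash(cand) == digest_hex:
            return cand
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice fetched from a separate key store
    for row in prepare_for_analytics(SAMPLE_RECORDS, key):
        print(row)
    known_addresses = [r["email"] for r in SAMPLE_RECORDS]
    print("unkeyed hash recovered:",
          recover_unkeyed(unkeyed_hash("bo@example.org"), known_addresses))
    print("keyed pseudonym recovered:",
          recover_unkeyed(pseudonymise("bo@example.org", key), known_addresses))
```

Running the script prints the minimised rows with a `subject_id` in place of the e-mail, then shows the unkeyed hash being recovered by enumeration while the keyed pseudonym is not. Rotating the key or using a different key per purpose also prevents pseudonymised data sets from being joined against each other, which is a further aspect of minimisation.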

Article 32 requires both data controllers and data processors to "implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk".

According to the regulation, whether a certain security measure is appropriate in each instance will depend on "the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons".

This is all a rather complicated way of saying that companies will need to review not just how they keep personal data and what they do with it, but also the technical solutions and policies in place, to ensure that these are up to date and not vulnerable to outside attack or to information leaks through their own processing. Since "appropriate to the risk" is the yardstick, the choice of measures should be based on, and documented against, an assessment of what the data is and what harm its loss or misuse would do to the people it concerns.

In conclusion
Data management will be increasingly regulated.

This means firms are required to set up best-practice cybersecurity measures to safeguard their data governance model, covering everything from e-mail to digital archives. They will also have to make sure that they do not keep personal data longer than they actually need it for the stated purpose.

What counts as best practice is determined by the sensitivity of the data under management and by the risk to private individuals if the data leaks.

The positive aspect of this is that the sanctions create a strong enough incentive for all firms to comply with the GDPR. The result is predictability in the regulatory landscape for data management, and markets like predictability.

Increased regulation may also lead to cybersecurity moving up the corporate food chain. In a recent survey by Harvard Business Review, only 8% of board members consider cybersecurity a strategic risk, whereas 38% consider the regulatory environment to be a strategic risk.

Consequently, the GDPR can provide a platform on which data-driven business models prosper and thrive. As most data is available or accessed over the internet, the GDPR has the potential to raise the level of cybersecurity and make the internet a prosperous and safe place where business thrives.
