https://www.smashingmagazine.com/2018/02/gdpr-for-web-developers/
Europe’s imminent privacy overhaul means that we all have to become more diligent about what data we collect, how we collect it, and what we do with it. In our turbulent times, these privacy obligations are about ethics as well as law.
Web developers have a major role to play here. After all, healthy data protection practice is as much about the development side — code, data, and security — as it is about the business side of process, information, and strategy.
Tomi Engdahl says:
GDPR Compliance: A Carrot or Stick Approach?
https://www.securityweek.com/gdpr-compliance-carrot-or-stick-approach
There’s Little Value in Heading Down the GDPR Path Simply to Avoid Being Hit With Penalties
As most of you know, the new General Data Protection Regulation (GDPR) comes into force on May 25, 2018 and will introduce major new laws for data processing in European Union (EU) member countries and anywhere EU personal data is processed. In other words, even if your business is based in the U.S., if you process data of EU citizens you are affected. The laws give many new personal data rights to EU citizens, including the right to withdraw consent, easier access to their data, and the right to know if their data has been compromised by a cyber attack. And that’s just the start.
Penalties for non-compliance with GDPR will be severe. For example, if your organization fails to report a data breach within 72 hours, expect a fine. Fines can reach four percent of global revenue or 20 million Euros (more than $24 million), whichever is higher. Organizations, regardless of size, will be subjected to such penalties and that’s because everyone’s data is equally valuable and no organization is immune to attacks. There will be some proportionality shown depending on factors like the size of the infringement, the effectiveness of reporting, the scale of the effort made to be compliant, the type of information lost, and the type of organization being fined. However, all indications are that any organization fined is likely to find the experience painful, by their own relative terms.
Without a doubt, financial penalties of such magnitude are a pretty sizeable stick. But if your organization approaches GDPR compliance by focusing on the stick – searching for a GDPR checklist of security dos and don’ts, or a GDPR product to buy to protect you from a fine – you’re out of luck. GDPR defines outcomes, not the means of delivering them. It also demands proper consideration and shouldn’t be approached with a check-box mentality.
So, what if we shift our approach and instead focus on the carrot? I
Focus. Since the 1990s there has been a patchwork of legislation across the EU that companies doing business in that region have had to understand and comply with. While GDPR is a game-changer, it brings consistency and focus that can streamline efforts. GDPR also attempts to introduce a risk-based approach to data protection, so you can prioritize how you address risks based on the threat to your organization. Granted, this single set of rules is more stringent than many businesses are used to working with today, but that leads to the next benefit…
Business health. The set of rules that comprise GDPR form a framework for ongoing accountability and good personal data stewardship. Incident response, data mapping, and maturity assessment all become part of your business plan.
Customer confidence. When your customers and partners know that they’re working with a company that has embraced GDPR and is meeting these stringent standards, they can feel confident that their data is safe. The value of this cannot be understated. A recent study by Gemalto found that 69% of consumers feel businesses don’t take customer data seriously and 70% would stop doing business with a company if it experienced a data breach. Having consumer confidence is an enviable competitive advantage that contributes to business growth.
Digital transformation. As I’ve discussed many times before, security is an enabler of digital transformation. Success depends on secure transmission of sensitive data and protecting the systems that store and use that data.