You can find reports of new data breaches in the news every day, targeting industries including finance, healthcare, government, social media, and the list goes on. In fact, the first five months of the new year have seen 433 mainstream attacks according to hackmaggedon.com, an average of more than 86 cyber attacks a month.
But the European Commission is not taking this lying down; it is taking action against data breaches to protect consumers in the European Union (EU) by enacting the General Data Protection Regulation (GDPR). Proposed in 2012, the GDPR went into effect May 5, 2016, and all companies doing business within the EU, including foreign companies engaged in cross-border data exchange, are expected to comply by May 5, 2018.
The GDPR is intended to unify data protection rules to strengthen security against cyber attacks, which compromise sensitive personal consumer data, including social security numbers, bank account information, health records, and more. The EU is setting the standard for holding businesses accountable for security breaches—which could even lead to fines for future data breaches. If your company doesn’t comply, it could cost you!
Current data shows that businesses are not prepared for the increased threat of cyber attacks or the potential impact on their organizations. For example, 50% of businesses worldwide have no countermeasures against a distributed denial of service (DDoS) attack, according to IT Pro. A Ponemon Institute report from 2013 shows that 51% of Global 2000 companies admit to not having an accurate accounting of their Secure Sockets Layer (SSL) certificates.
Some facts around the GDPR, according to a press release from the European Commission in 2012, are:
- There will be a single set of rules on data protection that will apply across the EU; applicable to personal data handled by companies active in the EU market.
- Consumers will have access to their data and can better manage individual risk through a “right to be forgotten” provision that will allow them to delete data they deem unnecessary for a company to retain.
- Penalties for companies that are out of compliance or that suffer a breach can exceed $1.4 million (£1 million), or 2% of their global annual earnings.
While this has its roots in Europe, it is only a matter of time before the rest of the world follows suit. Given this added risk and the potential financial impact of cyber attacks, it is imperative that companies start looking carefully at their digital infrastructure (such as their DNS) and the security of their digital assets (such as domain names and SSL certificates), so they have time to comply.