GDPR at a glance
The General Data Protection Regulation (GDPR) came into force across the EU on 25 May 2018, forcing an update to the UK's existing Data Protection Act 1998 (now DPA 2018). Designed to give people more control over their data, GDPR represents a challenge to organisations, who must bring their data protection policies into line with the new regulations or face substantial penalties.
GDPR compels organisations to secure clearer consent for using people's information, and introduces tougher fines for failing to protect people's data.
This hub collates all the latest GDPR news as it happens, but please follow these links for more information on what the GDPR is, and how to prepare for it. Separate facts from the hype about GDPR with our article puncturing marketing hyperbole.
21/11/2018: GDPR turns six months old
This week marks the six-month anniversary of the implementation of the General Data Protection Regulations, but despite the regulations being in force for half a year, experts have warned that some businesses still have work to do before they're compliant with the rules.
General Data Protection Regulation (GDPR) GDPR preparation: 2018 data protection changes GDPR gets a deadline: 25 May 2018 What is a data protection officer?
The new regulations drew much attention for the heavy potential fines they introduced - up to 4% of a company's annual turnover or 20 million, whichever is higher - and left companies scrambling to implement new policies and procedures in order to bring their business in line with the updated laws.
Businesses have now had six months to meet the new standards, but in spite of this, industry experts have stated that many businesses still aren't prepared to cope with GDPR.
"Today, there is still a strong chance that a number of organisations could be struggling with issues around data sprawl, the volume of personal customer information and uncertainty around data ownership," said Citrix's chief security architect Chris Mayers, "as our research from around a year ago suggested."
"The poll also found the average large UK business was reliant on 24 systems to manage and store personal data, with one in five (21%) using over 40 systems to do so. Tackling such data sprawl wasn't easy then and won't be now if still the case."
Although the ICO has thus far failed to issue one of the dreaded maximum fines, some organisations have already been penalised under the new rules, including Brexit data analysis firm AggregateIQ and a Portuguese hospital.
"For those businesses still on the GDPR compliance journey, you cannot afford to rest on your laurels," Mayers said. "Public awareness of an organisation's responsibilities around data protection have never been higher -- with breach complaints to the Information Commissioner's Office on the increase. Reputations and revenues are on the line, and now is the time to ensure a long-term GDPR compliance strategy is in place, if it isn't already."
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
Crackdown on crypto needed to curb cyber crime, says expertNews Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in
-
The gratitude gapWhitepaper 2023 State of Recognition
-
UK gov invites experts to contribute to its overhauled AI regulatory approachNews The new approach will not adopt the EU's centralised model and sits alongside the National AI Strategy and Data Protection and Digital Information Bill
-
UK government opts against regulation for cyber security standardsNews UK Cyber Security Council will move ahead with its planned chartered standards, with the government to monitor its adoption
-
Encryption battle plays out in Australian ParliamentNews The opposition said that the government is “addicted to secrecy”
