Data Protection, GDPR and How Things Don’t Always Work Out as Intended

Organizations collect, process, use, and sell massive amounts of their customers’ personal data, often without the knowledge or consent of the data subjects. An excellent example of this is Facebook, which has been plagued by scandal after scandal because its use of the data it collects on its social media platform does not comply with the wishes of its user base.
Beyond the issue of data misuse, organizations have also been plagued by a rash of data breaches in recent years. As the value of consumer data and the size of organizations’ data repositories grow, hackers become more and more incentivized to identify and exploit vulnerabilities in these organizations’ defenses.
As a result, data protection has become a major issue, with many governments issuing data privacy regulations designed to enforce the protection of individuals’ personal data. One of the best known of these regulations is the EU’s General Data Protection Regulation, which has raised the bar for the protection of the personal data of EU citizens around the world. However, things do not always work out as intended. Recent research has demonstrated that misunderstandings regarding the requirements of GDPR may allow an attacker to use the same provisions designed to protect individuals’ sensitive data to convince organizations to reveal it.
Introduction to the GDPR
The European Union’s General Data Protection Regulation (GDPR) is designed to greatly improve the privacy protections of consumers who are citizens of the EU. While the EU previously had a data privacy regulation, the scope of the protected data and the potential penalties for non-compliance were much lower.
Under the GDPR, the definition of protected data is expanded to include any information that can be used to uniquely identify an individual. This is significant because it changes the scope of protected data from sensitive (like payment card information, etc.) to identifiable (including email address, IP address, etc.). The increased scope of sensitive data means that many organizations are forced to change their data management policies to properly protect this data.
Another impact of GDPR is a change in how businesses can obtain consent to collect data. Previously, consent agreements typically operated on an “opt out” policy, where a user signs away many rights by using software with a license agreement written in deliberately unreadable legalese. Under the GDPR, license agreements and privacy policies must be easily readable and understandable by the average human being, and consumers must explicitly opt into data collection and processing and can demand access to or deletion of their data at any time.
The last major change implemented by GDPR is a dramatic increase in the penalties that can be levied against non-compliant organizations. Under the GDPR, a regulator can impose a fine of 20 million euros or 4% of global turnover, whichever is greater.
Shortcomings of GDPR
While the GDPR is designed to improve individuals’ personal privacy and data security, it can also, in practice, pose a significant threat to them. One of the provisions of the GDPR states that an organization that has collected an individual’s personal data must disclose this information to the person upon request. While this is designed to help individuals understand their personal data exposure, it can also be misused to violate their privacy.
This was the topic of a talk at the Black Hat hacker conference in August 2019. The speaker had conducted an experiment where, with the consent of his fiancée, he made requests in her name for the data collected about her by 150 different companies. The results of his requests demonstrated how poorly these organizations understand and implement GDPR.
One discovery was the number of companies that would provide sensitive data about her with little or no verification. 24% of companies accepted an email address and phone number as proof of identity, while another 16% accepted documents that could be easily faked. As a result, the security researcher received data including (but not limited to):

  • Full Social Security Number
  • Mother’s maiden name
  • Credit card data
  • Online account credentials compromised in breaches (some still in use)

This information could easily be collected by an attacker and is enough to commit any number of other cybercrimes or identity theft. In response to the request, several US organizations claimed that GDPR provisions did not apply to them, demonstrating a lack of understanding of the law. GDPR applies to any organization with a large number of EU citizens as clients.
Data Protection Implications of GDPR
The provisions of the GDPR have significantly raised the bar for organizations wishing to do business in the EU and for governments wishing to have relationships allowing mutual data exchange.
However, the results of the security researcher’s test of GDPR compliance demonstrate that many organizations have a long way to go in protecting sensitive personal data. While implementation of a comprehensive data protection solution is a necessary component of avoiding data breaches, an even more important aspect is not giving out the data to hackers in the name of a data privacy regulation.
Organizations are increasingly collecting massive amounts of consumers’ personal data, often without their explicit knowledge or consent. As a result, these organizations also have the obligation to understand and comply with data protection regulations and to implement a robust data protection solution to protect both their customers’ personal information and their own sensitive data. To learn about personal data protection rights, please visit FortifID.