GDPR: Curse of Data Breach

Mukul Mishra
5 min read · Oct 31, 2018

The 25th of May is long gone, but the General Data Protection Regulation (GDPR) is still here and targeting non-compliant businesses worldwide. After four years of preparation and debate, GDPR was finally approved by the EU Parliament on 14 April 2016 and enforced globally from 25 May 2018. Organisations that are not compliant could now face huge fines of 10–20 million Euros.

Don't be scared of GDPR if you follow the regulations. We will cover all about it, and also the easiest ways to make your website GDPR compliant. I know GDPR is confusing for millions of people and business owners, but it is not that tough to understand. Let me clear it up with one quote here.

The General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. If you are a business owner, it doesn't matter what business you do: if in some way your company, or just your website, is collecting data from within EU (European Union) countries, you fall under GDPR regulation.

The 25th of May is gone, but GDPR is not gone and is here to stay, so you had better hurry up. Demonstrating strong data rights management is important to both customers and employees. Make your employees aware of the GDPR regulations: they should understand why the data is collected and how it is handled on a legal basis. Current business data processes need to be looked at as an immediate priority so that the company doesn't risk non-compliance penalties.

Let me give you the Yahoo scenario as if GDPR had been in place. Yahoo didn't disclose the breadth of the breach within 72 hours as the GDPR requires; in fact, it took them until October 2017 to fully acknowledge the extent of multiple breaches that occurred in 2013–2014. With revenue in excess of $4 billion for 2012, Yahoo would have faced fines of $80 million, or as much as $160 million, depending on GDPR factors including the culpability of the company and how cooperative they were.

GDPR declares that all information you collect, whether manually as a company or through your website, must be handled in a GDPR-compliant way. We will also discuss how to easily make a website GDPR compliant. Recent data breaches and lots of online scams, forgeries and misuse of personal data led the European Parliament and Council in April 2016 to create strong and sophisticated rules to protect against misuse of data. GDPR replaced the existing DPA (Data Protection Directive) 95/46/EC in 2018 as the primary law regulating how companies protect EU citizens' personal data.

Why GDPR suddenly?

It is not new; in fact it is an update of the existing 1995 data law, but it is much stronger than any data law we have ever seen. Many recent incidents that shocked people worldwide are the major reason GDPR was built. Some of those incidents are perfect examples of stupidity and lax systems. You can also go through the whole article here.

The year 2017 made a lot of infamous history.

Uber: In November, Uber disclosed that hackers had stolen the personal data of 57 million riders and drivers one year earlier, and that when this massive hack happened, Uber paid the criminal $100,000 to keep quiet. Some facts show that this terrible plan was arranged by the company's former CSO and CEO.

Verizon: In July 2017, personal data of more than 14 million Verizon customers was exposed on Amazon S3 by Nice Systems, a technology supplier.

Yahoo: 3 billion users' data exposed publicly, from breaches in 2013–2014.

RNC contractor: yes, related to the US presidential election. In June 2017, voting data of nearly 200 million voters was exposed on AWS (Amazon Web Services). The data itself belonged to a marketing firm, DRA (Deep Root Analytics), which was contracted by the Republican National Convention.

Dun & Bradstreet: in March, a 38 million record email data breach. Not only these, but there are many more, including the Facebook scams. The EU took the first action to protect its citizens' data, and hence GDPR came.

Oh God! Then GDPR is a need, not a curse, right?

Exactly, Jenny. You got it now. Prevention is better than cure, and GDPR is the clearest example of this phrase.

Alright now. Who falls under GDPR jurisdiction?

Data collection on EU citizens, online or offline, inside the EU or outside the EU, falls under GDPR jurisdiction. GDPR applies to all companies processing the personal data of people residing in the EU nations, regardless of the company's location. Simple examples are contact forms, subscription forms, all eCommerce websites and email marketing (oh god... my business). The GDPR also applies to the processing of EU data by a controller or processor not established in the EU, where the activities relate to offering goods or services to EU citizens (it doesn't matter whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-EU businesses processing the data of EU citizens also have to appoint a representative in the EU.

What happens if a non-compliant company is caught under GDPR?

Companies, persons and data processors (e.g. cloud services) breaching GDPR regulations can be fined up to 4% of annual turnover or 20 million Euros, whichever is higher. This is the maximum fine that can be imposed for the most serious infringements, like not having sufficient customer consent to process data or violating the core of the Privacy by Design concepts. Secondly, a company can be fined 2% for not having its records in order (Article 28), not notifying the supervising authority and the data subject about a breach, or not conducting an impact assessment, just like the Uber example above.

With love from Mukul Kumar Mishra
