GDPR and Data Security Basics
It appears that Europe’s new General Data Protection Regulation (GDPR) law is still fighting pushback, or simply ignorance, from companies handling vast troves of user data. Twitter made news recently for a flaw that exposed a number of private tweets made on Android devices to public view. More importantly, however, in October the company appeared to violate GDPR by refusing to grant an EU user request for certain information on how it was tracking his clickthroughs—which it is actually required to do now.
Unsurprisingly, this garnered an investigation from the Irish Data Protection Commission (DPC). Another one could be pending over this new Android trouble, which lasted from 2014 until January 14 of this year. According to Graham X. Doyle, head of communications at the DPC, the Commission “has been notified of this data breach and we are currently assessing its contents.”
Regarding the effect of GDPR implementation, Jonathan Bamford (great name), Director of Strategic Policy at the UK Information Commissioner’s Office, reported that the new regulations are making many organizations think about the basics of data security for the first time. Not advanced analyses or procedures, mind you, but “core privacy and protection issues.” Giving a keynote speech at a Westminster eForum event, Bamford discusses this scramble to address the basics “that organizations should have been on top of for a long, long time.”
Clearly, despite violations like Twitter’s, businesses are making a concerted effort to achieve compliance with GDPR. Many companies and agencies are playing catch-up. Consumers are likewise playing closer attention than ever to how their data is protected. Bamford speaks of notable increases in inquiries (and complaints) concerning data protection practices. His office has seen over 90% increases on both fronts – for complaints, that totals about 43,000 between May and December of last year.
“The issue is how we make sure we are responsive to changes that are taking place in society, and technological changes,” Bamford adds. One of those changes is that consumer confidence in cybersecurity is now a valuable commodity. Companies like Twitter need to ensure they’re fully on board with GDPR’s stipulations; otherwise, as we’re already seeing, investigations will be imminent.