Privacy Anyone?
GDPR is here! Are you ready? Cymulate is here to help. As you know, on May 25, 2018, the General Data Protection Regulation (GDPR) came into force, impacting organizations around the globe. As with any new regulation, not all organizations comply (yet). In the case of GDPR, this should not be underestimated, especially in light of the fines that can be imposed.

The size of these fines depends (among other factors) on the number of people affected, the damages they suffered, and the duration of the data breach. It also depends on whether the data breach was intentional or resulted from negligence. Mitigation efforts are taken into account, as are preventative measures. When it comes to the amounts that need to be paid, the regulation distinguishes between lower-level fines (up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher) and upper-level fines (up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher).

After the GDPR came into effect, it did not take long for the first complaints of infringements to be filed. Facebook and Google are already on the receiving end of complaints that could result in fines amounting to $8 billion. Organizations of all sizes, regardless of location, have good reason to be worried: in May 2018 alone, there were a number of data breaches jeopardizing personally identifiable information (PII):
- On May 17, Corporation Service Company (CSC) announced that hackers stole the personally identifiable information of 5,678 of its customers.
- At the end of May, it was reported that the Los Angeles County 211 service left about 3.2 million call records on an exposed AWS server. The records included a wide variety of personally identifiable information on callers, along with the sometimes very personal reason they called looking for help.
- On May 19, the University of Buffalo announced that its CISO was investigating and responding to a breach of external third-party accounts that appears to have compromised the login information for a large number of UB students, faculty, staff and alumni.