Global Impact of the EU’s General Data Protection Regulation

By Eric Noonan • June 28, 2016

On April 27th, the European Commission signed into law the General Data Protection Regulation (GDPR – Regulation 2016/679 and 2016/680) that will serve to unify 28 (now 27 with the Brexit, perhaps) different privacy laws into one unified regulation applicable to all. The regulations, which are set to go into effect in May of 2018, will require widespread standardization and unification of data privacy requirements across EU member states.

Why should the US and other non-EU citizens or companies pay close attention to the further development in policy and standards taking place in Europe? Because it is clear that not only the business world of the European Union stands to be impacted, but all organizations, directly and indirectly, marketing to and processing information of EU data subjects, which includes most cloud-companies and a vast number of large enterprises.

GDPR will trigger much stricter guidelines and regulations for fundamental issues such as individual profiling, consent for data collection, and comprehensive definitions of data. Another notable change is that all breach notifications will be strictly required to be reported within 72 hours from the time of initial discovery. Not many countries currently have such regulations revolving around breach reporting. Although in the US, rapid reporting of cyber incidents to the DoD, in the exact same timeframe of 72 hours, is in fact already required by DFARS – Defense Federal Acquisition Regulation Supplement, which provides specific regulations for DoD government acquisition officials and all contractors doing business with the DoD.

In short, a greater significance will have to be placed on understanding exactly where all data is located, how and where it flows, where it resides, with whom it is shared, and what consents are or are not given and when it (data) must be purged.

There is a number of transitional questions that will need to be answered in the next two years.  What is the depth of impact to businesses and organizations worldwide? What unforeseen consequences will come to the IT world in general?

Organizations will have to pay close attention and stay connected to learn about the progression of the GDPR, as well as all other related data protection initiatives. It will be essential to understand the types of data protection (such as encryption) required by GDPR and to have a solid grasp on the types of platforms on which customer data is processed.

So, will the existing security solutions prove sufficient in the light of the new standards and regulations? What will the new breach notification requirements mean to the affected businesses? How will all personal data be properly classified in a way that enables secure access across all major platforms?  One important thing to keep in mind as we ponder these questions is that GDPR is not just for Europe! It is, at the very least, for any and all organizations that process, collect, and use personal data relating to EU subjects. There will clearly have to be a significant amount of work performed in order to meet all the technical issues and challenges as we move closer and closer to GDPR’s full implementation. Undoubtedly, there will be a great need for trusted partners to help provide on-site support with specialized knowledge, data mapping, and classification to help deploy the right types of solutions and protection.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.