GDPR is a big subject that mainstream business across Europe, including the UK, are just starting to see on the radar despite the fact that it was announced in May 2016. Firms now have less than a year to get their houses in order and become compliant with the directive.
There have been attempts at legislation regarding the security of personal data in the past and a good example is the UK’s own Data Protection Act of 1998. However, much has changed in the way data is generated over the last 20 years.
Today we live in a global digital economy, we create data very differently and the data volumes are exploding; more data has been created in the past two years than in the entire previous history of the human race.
In Aug 2015, for the first time, over 1 billion people used Facebook in a single day and sent on average 31.25 million messages and viewed 2.77 million videos every minute. We are seeing a massive growth in video and photo data, where every minute up to 300 hours of video are uploaded to YouTube alone.
The outlook is for much more data generation in the future with Cisco’s June 2017 12th Visual Networking Index forecast predicting that by 2021 there will be 13.7 billion Internet of Things (IoT) connections and 3 trillion internet video minutes per month – 80% of all internet traffic.
Specifically, in the UK, Cisco forecasts there will be 9.4 networked devices per person in 2021, up from 5.7 per person in 2016 and the gigabyte equivalent of all movies ever made will cross the UK’s IP networks every 33 minutes.
When viewed against this fast moving backdrop it is easy to understand why current EU legislation regarding citizen personal data protection never envisaged creation of data on this scale. And so an all encompassing, digitally aware and common standard, the GDPR, has been introduced to provide a level playing field across all member states for data protection.
The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
As well as being sensitive, personal data is also highly valued which is why there are so many cyber attacks that target the capture of such data which once obtained can be sold on for both criminal and equally illegal marketing purposes.
Today, more and more businesses are adopting cloud technology as part of their digital transformation strategies to increase their potential capabilities. Many organisations now view the cloud as secure, in fact, more so than on–premises deployment. However, what we have to remember is that with GDPR cloud security is a joint responsibility.
Organisations relying solely on a cloud vendor’s security protocols are potentially exposing themselves to unnecessary risk.
The scope of the GDPR includes IP addresses and online identifiers, as well as forcing companies to gain people’s explicit consent to use their data. The aim is to make it easier to find out what data companies hold on you, how your data is handled and what it’s used for.
The implementation date for the GDPR is 25 May 2018 and there is no period of grace beyond that time.
Guest Blog by Ian Bevington, Marketing Manager at Oak Innovation – part of a series on GDPR, available at the Oak Innovation News Centre.
