2018 has undeniably marked a shift in how we deal with personal data and data security. The collective experience we accumulated in the course of a series of hacking attacks over the past couple of years was finally combined with milestone legislative instruments that take a definitive stand in the battle against cybercrime and in promoting data security.
GDPR Changes Data Security Landscape
Individuals and organizations alike would probably single out the advent of the new General Data Protection Regulation (GDPR), the flagship comprehensive European Union legislative tool in data protection, as the most defining moment in 2018. Adopted in 2016 but implemented in May 2018, the GDPR focuses on data protection, which in turn promotes data security. Data security refers to safeguarding data across resources ranging from databases and mainframes to big data and the cloud, in order to protect it from external threats like hackers and internal threats like malicious or negligent authorized users. The GDPR calls for data processors and controllers to implement technical and organizational measures that serve the purpose of what has been dubbed “privacy by design” and “privacy by default”.
Data Security Boosted through Legislative Initiatives
This means that organizations and businesses holding and processing personal data must make sure that they have put in place security mechanisms to protect that information adequately. The effort to comply with GDPR requirements means that most companies have already adapted their approach to become more security-focused. According to research, 31% of companies have implemented or optimized IT security ahead of the GDPR coming into effect, 44% have updated their data protection policies, while 26% have reviewed and amended their products and 32% have made sure that contracts with vendors who process personal data are updated. This focus on improving security for personal data, not only in Europe but across the globe, has remained strong and gained even more momentum after May 2018, when the GDPR was implemented.
ePrivacy Regulation Builds on the Momentum
But it has not just been the GDPR that made this year unique. On January 3rd, 2018, MiFID II (Markets in Financial Instruments Directive) came into effect, significantly strengthening the transparency and efficiency of financial markets through better data reporting and registering. And later, on July 10th, the EU published the latest draft of the new ePrivacy Regulation that will replace its previous legislative framework with regard to electronic communications. Focusing specifically on electronic communications and with a scope that encompasses non-personal data as well, the ePrivacy Regulation is expected to alter the cookies landscape drastically – and also to build on the data security legacy of the GDPR.
Meanwhile, 2018 has also proven that the interest in cybersecurity and data protection is far from fleeting. It seems that data security will remain a priority for organizations as ransomware and other hacker attacks remain a top threat, while states have also had a taste of elaborate cyberwarfare acts aimed at providing malicious third parties with unauthorized access to sensitive data.