The EU’s General Data Protection Regulation – or GDPR – has now been in force for a year. Because of the ongoing impact it has on business, this first anniversary is a good opportunity to step back and reexamine GDPR in terms of why it exists and what it calls for, as well as look at a couple of notable non-compliance cases that have already been brought to serve as a reminder – and a warning.
Our modern, connected society generates vast amounts of information -- by some estimates, over 90% of the data extant in the world was created over the last two years. And with the right systems in place, data turns into information that drives business intelligence and enables insightful decision-making. The uses are as endless as the data itself, enabling everything from ad targeting to Smart Cities, and transforming entire industries on the fly.
Business has always run on personal connections. But for many years, it’s also been run on a host of network and data connections designed to provide both internal and external users with the access to corporate systems and information that they need and want. On a daily basis, millions of workers use that access to do their jobs – and they take that access for granted, in large part because of the relative ease in accomplishing it. But there’s a facet to this access that should always be kept in mind, both by users of networks and the administrators charged with protecting those same networks and data: Access is a privilege, and not a right.
Last year was not a good one for the healthcare industry’s security reputation. A quick Google search will unearth countless news articles focused on data breaches in healthcare from across the globe. In the UK, cyber attacks and data breaches hit the NHS hard, while private healthcare providers in the US, UK and Australia all suffered at the hands of hackers.
The key objective of any CISO (Chief Information Security Officer) is the prevention of impact to the organization from any form of security breach. This, as we know, is much easier said than done. A good CISO, in fact, comes to work every morning assuming that a breach has already happened, with a view to fixing any vulnerabilities and securing the system to the highest standard possible. Every single day.