GDPR

GDPR one year on: measured enforcement is just the beginning

It’s official – the GDPR is one year old. In its first 12 months, the European Commission has demonstrated strong yet measured implementation, with fines totalling over €56 million hitting 91 companies, including €50 million against a single organisation. A significant amount, yet a fraction of the full 4% of companies’ total global revenue they could have levied – a difference of billions. 

As enforcement begins, the commission seems to be leaning towards a constructive approach – with some members stating publicly they do not wish to put companies out of business, or leverage a fine so large a company would be incapable of fixing the problem. The goal seems to be to incentivise companies to fix the problem, while letting them know that if they do not, the fine could get worse. As time goes on, this approach will likely change. 

Today, the commission seems to be rewarding good behaviour as much as it is punishing bad behaviour. A perfect example of this is the first company to be fined under the GDPR, a German social media platform called Knuddels. On first glance, the offense

This ransomware steals your data and threatens to report you for a GDPR violation

Cybercriminals are once again targeting unsecured MongoDB databases, but this time they are threatening to report the owners of those databases for GDPR violations if their ransom demands are not met.

As reported by ZDNet, the hacker behind this new campaign has uploaded ransom notes to 22,900 MongoDB databases that were left exposed online without a password. They are using an automated script to scan for misconfigured MongoDB databases, wiping them and then demanding that a ransom of 0.015 bitcoin, or around $140, be paid.

Victor Gevers at the Dutch Institute for Vulnerability Disclosure back in April.

Sync.com review

Sync.com has been providing cloud storage services for a number of years now, and it’s going to appeal if you’re looking for something that’s simple, speedy and secure. As the name suggests, it syncs a single folder of data between your computers and the cloud.

In a lot of respects, Sync.com is similar to Dropbox, though it doesn’t have quite as many features (such as the ability to sync files outside the main folder). What it does offer that Dropbox doesn’t have, however, is end-to-end encryption for maximum file security.

Sync.com features

The core functionality of Sync.com is to keep a folder on your system in sync with the cloud and any other computers where you’ve got the client software installed. It’s all very simple to set up and use, though you could reasonably point out that Sync.com isn’t really offering anything you can’t get elsewhere from better-known services – ones that come with office apps, better mobile integration, and so on.

The platform supports versioning, so you can go back to older versions of files if you need to – and in a generous move from Sync.com, these older versions don’t count against your storage quota. Once you’re a paying customer, these older versions can be kept indefinitely; otherwise they’ll automatically be wiped after 30 days.

Basic file and folder sharing is supported on the Sync.com platform too, and there’s also support for advanced sharing controls with password protection and expiry dates on links. Mobile apps are available – with automatic photo and video uploading, should you need it – and if you sign up for a team account then you get provision for keeping your data compliant with standards like HIPAA, GDPR and PIPEDA.

Actually, one of Sync.com’s features is its lack of features: a focus on the core functionality that matters, keeping your data secure, private and well-managed between multiple computers (and multiple users, if needed). If that appeals, and you want several terabytes of space for not much money per month, it’s worth checking out.

Sync.com interface

Installing Sync.com on Windows or macOS is a relatively painless exercise, and the application places a folder on your hard drive – anything dropped in here then syncs to the cloud and to any other computers where you’ve got the software installed. Network drives and external drives can’t be included, nor can files and folders outside of your main Sync.com folder, so the software is a little bit limited in that way.

The web interface is slick and easy to use, and offers another way of getting your files up to the cloud. If you prefer, you

New DIFC Law expected to bring enhanced governance and transparency obligations

The new Dubai International Financial Centre (DIFC) Data Protection Law (DPL) 2020, coming into effect from July 1, is expected to bring enhanced governance and transparency obligations.

Even though the law comes into force from July, businesses to which the law applies will have a grace period of three months, until October 1, 2020, giving organisations just a few months to make the changes required to bring their compliance frameworks into line with the new law.

The new Data Protection Law replaces DIFC Law No 1 of 2007, which was already one of the most advanced in the region. It places Dubai and the DIFC at the forefront of data protection in the region and enables the financial hub to align the Centre’s data protection practices with global best practice in data, security and privacy.

It is now more important than ever for companies to have a data management strategy to ensure data compliance is taking place within an organisation – both from an operational and a cultural perspective.

By encouraging data responsibility and implementing the latest data management tools, businesses can do their bit in preparing themselves for DPL 2020.

The new DPL 2020 law will actively benefit companies in a range of ways. Not only will it help them manage data effectively and ensure data compliance, but it will also increase companywide efficiency, provide a competitive advantage and offer protection against malware attacks.

The new DIFC Law reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR), seen by many as the ‘gold standard’ for data protection compliance.

“From our previous experience in preparing for the GDPR coming into force, we recommend that organisations should start planning now. In particular, organisations should prioritise fact gathering and other time-intensive tasks such as contract remediation,” Kellie Blyth, head of Data and Technology at Baker McKenzie, said.

However, she said that there are some key differences between the GDPR and the new DIFC Law, which organisations should be aware of.

“The new DIFC Law requires Controllers and Processors to appoint a DPO [data protection officer] if they carry out high-risk processing activities on a systematic or regular basis or if required to do so by the Commissioner.

“If a Controller or Processor is not required to appoint a DPO, the organisation must allocate responsibility within its organisation for oversight and compliance with its data protection obligations under the new DIFC Law (or any other applicable data protection law),” she said.

Time to act

The DPO must reside in the UAE, Blyth said, unless the DPO is employed within the organisation’s group and performs a similar function for the group on an international basis.

Blyth urged organisations in the DIFC to move swiftly to review their current data processing practices and to identify where their existing data protection policies and procedures will need to be updated to reflect the requirements of the new law.

“An important difference between the new DIFC Law and the GDPR is that DPOs are required to conduct an annual assessme


Parrot slams DJI drone data security during Anafi USA launch

Parrot has used the launch of its new Anafi USA commercial drone to criticize the data security practices of its main rival DJI, which makes popular drones like the DJI Mavic Air 2.

The French drone maker has worked with the US Army to develop the Parrot Anafi USA, which is an expensive commercial drone designed mainly for first responders, firefighters, search-and-rescue teams and security agencies.

And while the Anafi USA is interesting technologically – the rugged drone features 32x optical zoom and a FLIR thermal camera – it wasn’t the main headline from a launch that gave equal emphasis to criticizing its main rival, the Chinese drone maker DJI.

Talking about Parrot drones in general, Henri Seydoux (CEO of Parrot Drones) emphasized that its products are all GDPR compliant, which means that “no data without the user consent is sent to any place, to any server anywhere”. He added: “The data is yours. And we follow completely the rules. Even more important, Parrot is the technology company who writes the drone software.”

This is where the launch became really interesting, as Henri Seydoux went from cloaked digs at its rival to calling out DJI specifically, not only for lacking equivalent data security but also for suppressing data leaks and even changing data leak methods once they’ve been detected.

“Our software is available to any questions, to any customer that asks us questions about the functionalities of the software. All the functionalities of the software are described and documented and can be shown to the user,” he said. “And I don’t believe it’s the case for DJI drones. It’s very questionable how much or what exactly does the software from DJI drones.” This
