Let’s forget about a Cyber Attack for Now

If you’re a US company and do business in the European Union (EU), compliance with the GDPR is mandatory. These US companies and their partners should have a big cyber worry besides ransomware and other cyber-attacks.

GDPR stands for General Data Protection Regulation. It’s a law created in the European Union (EU) to protect the personal data of its citizens. Although it was passed in Europe, it affects businesses worldwide.

It went into effect on May 25, 2018, after a two-year transition period. The GDPR set new standards for data protection and kickstarted a wave of global privacy laws that forever changed how we use the internet.

Under the GDPR, personal data is information that can be used to identify you. Put simply, it’s any private details that you wouldn’t want to fall into the wrong hands.
Here are some examples of personal data:

Name / phone number / address / date of birth / bank account / passport number / social media posts / geotagging / health records / race / religious and political opinions.

Think of personal data like a jigsaw. One piece alone might not say much, but connected together the pieces reveal a vivid picture of your life.

As a business owner, you’ll have to make sure your operations comply with the GDPR. But how does it affect you as an everyday internet user? The only thing most people will need to do is read the cookie consent banners that now appear on websites and click agree (or not). The GDPR affects everything people do online, but it’s mostly working behind the scenes.

Internet users have many new rights to data privacy under the GDPR. Knowing what they are will come in handy if a company is ever negligent with your data.
Here are some of the main user rights outlined by the GDPR:

  • You’re entitled to know exactly how your data is collected and used
  • You can ask (no charge) what information has been collected about you
  • If there are mistakes in your data, you can request to have them corrected
  • You can have your data deleted from records
  • You’re allowed to refuse data processing, like marketing efforts

Cyber Attacks are only half the problem!


Cyber fines from HIPAA, PCI or DFARS can and have put SMB companies out of business.

Google has been fined 50 million euros (£44m) by the French data regulator CNIL, for a breach of the EU's data protection rules. CNIL said it had levied the record fine for "lack of transparency, inadequate information and lack of valid consent regarding ads personalization".

British Airways was fined £183.39 million for a major data breach resulting from poor security.

Lübeck Labour Court estimates a fine of €1,000 for the illegal use of an employee photo on Facebook.

Facebook agrees to pay fine over Cambridge Analytica scandal. Company withdraws appeal against £500,000 penalty imposed by UK data watchdog.

Deutsche Wohnen must pay a 14.5 million euro penalty. The system saved data from applicants and cannot delete it.

The Swedish Data Inspection Authority said it has imposed its first penalty for a breach of the GDPR on a school in Skelleftea that had been trialling facial recognition to register pupil attendance, and found that the school board's handling of personal information did not comply with the GDPR.
The fine amounts to SEK 200,000.

____________
Although smaller businesses wouldn’t be hit for such high amounts, they’re held to the same standards.