In this week's Risk & Repeat podcast, SearchSecurity editors discuss GDPR compliance and how the EU law will affect enterprise data privacy and security across the globe.
What you don't know about the European Union's General Data Protection Regulation won't kill you, but it could put a 20 million euro dent in your company's bottom line.
Organizations preparing for GDPR compliance have a little less than one year to enact privacy policies and security controls to meet the law's requirements, which aim to protect the private information of EU citizens. GDPR addresses the processing, handling and exporting of personal data for EU citizens and includes strict controls for data protection, breach notification, the right to be forgotten and other measures.
While the law will have major implications for U.S. companies that have EU-based customers and users, interest in and action on GDPR compliance appears to be dragging. Experts, however, are urging enterprises to take the impending law seriously and compose a plan for GDPR compliance before the May 25, 2018 deadline. It's unclear how harshly companies will be punished for violations under GDPR.
The law was drafted in 2012, but it gained momentum and interest following Edward Snowden's intelligence leaks in 2013, which revealed the National Security Agency's massive surveillance and data collection programs for both American and foreign citizens.
How will GDPR be enforced? What will the law mean for cloud security and data protection? Will other nations adopt similar measures? In this episode of the Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the topic of GDPR compliance and what the law means for data privacy and security on a global scale.