New Frontiers in Regulating Data Protection and Privacy Standards

In recent years, the world has become even more data-driven. The explosive demand for data has ushered in the creation of data of unprecedented volume, velocity and variety. This paradigm shift has also brought additional risks, with wider impact and costlier consequences, for example:

  • Uber confirmed that the recent hack affected 57 million customers and drivers worldwide;
  • Yahoo disclosed that over 3 billion of its email users were likely compromised over the last four years;
  • Equifax, a consumer credit reporting agency, experienced the theft of over 140 million consumer records.

These and similar incidents highlight that no company, regardless of its type, location or size, is immune to cyberattacks or data leakages. The Cost of Data Breach Study supports this perspective, finding that 1 in 4 companies will likely experience a security breach. Increased attention to the protection and privacy of data should therefore be a priority for organizations.

Considering the current landscape, it is hardly surprising that the theft of information remains the most expensive consequence of cybercrime, as reported by the 2017 Cost of Cybercrime Study. The study further states that for industries such as financial services, and utilities and energy, the average cost of cybercrime amounts to over $17 million. Global reports continue to reveal numerous breaches and leaks that underscore that the application of baseline standards for the protection of data is an absolute necessity.

The adoption of sound data protection and privacy practices, processes and technologies will help an organization to:

  • safeguard customer data, trade secrets and other sensitive data;
  • minimize risk exposure;
  • minimize the costs associated with responding to a breach;
  • reduce or eliminate any payment of penalties associated with a breach; and
  • meet regulatory requirements.

The European Union (EU), in a bid to protect all its citizens from privacy and data breaches, has implemented the General Data Protection Regulation (GDPR), which will come into force on May 25, 2018. The provisions of the GDPR apply to organizations located in the EU and also to organizations located outside of the EU, if these organizations:

  • offer goods or services to EU data subjects; or
  • monitor the behavior of EU data subjects.

This means that the GDPR touches and concerns many organizations worldwide. Consequently, organizations operating (physically or remotely) in several countries, such as financial services, pharmaceutical and health services, education services, telecommunication services, and consulting services, may be impacted.

Some of the crucial changes under the GDPR are shown in Table 1.

Table 1. Key changes under the GDPR

Key Change                  | Summary
----------------------------|------------------------------------------------------------------
Increased Territorial Scope | GDPR’s application extends beyond organizations in the EU.
Consent                     | Consent requests must be clear and intelligible, and distinguishable from other matters. The right to withdraw consent must also be clear.
Rights of Data Subjects     | Provides for extended rights such as: timely mandatory breach notification; the right to access information on the nature and form of personal data being processed; and the right to be forgotten.
Penalties                   | An organization in breach may be fined up to 4% of annual global turnover or €20 million.

These and other changes will likely impact an organization’s processes and procedures, policies, strategies, and the use of technologies. The Data Protection Impact Assessment (DPIA) is one integral step for many organizations in determining their preparedness to meet the new regulatory requirements.

WCG’s experienced team will work with you to ensure that your organization is prepared for GDPR. Our GDPR Assessment Services are complemented by a range of other services that include:

  • identifying potential gaps and vulnerabilities in your business;
  • assessing and refining your organization’s incident response practices and policies;
  • developing secured solutions to manage the processed data throughout its lifecycle; and
  • conducting privacy impact assessments (PIA).

Undertaking these activities will help to ensure your organization’s readiness for data privacy and protection regulatory requirements, including GDPR, and improve the security standards in your organization.