2018 – The Year with GDPR and CLOUD Act

2018 was really the year of data privacy and protection. I mean who didn’t get about 10 000 GDPR emails? We saw companies all over Europe and the world scramble to meet the requirements of the data protection regulation. The year has really highlighted the importance of security and integrity. In this blog post we will go through some of the important events of the year in terms of data protection and information security, and also summarize some industry predictions for 2019.

GDPR – power to the people!

The General Data Protection Regulation, GDPR made a lot of companies shake in their corporate boots. The regulation, which specifies how personal data belonging to EU/EEA citizens can be processed, really puts the power back in the hands of the people. GDPR forced organizations to completely review their routines and processes to ensure safe processing of personal data (which should actually be seen as something positive!).

We have now lived in the GDPR-era for 6+ months, and while some European authorities have started handing out sanctions, others have been a bit more wary. Sweden for example, has taken a more conservative approach. Datainspektionen released their first report in October, where they evaluated 400 organization to see if they had appointed a DPO.* In Germany, a first sanction was recently issued to a chat platform company.**

GDPR reinforces the belief that sensitive data should be protected, and that personal data is an important asset for both companies and individuals and should be treated as such. This has now put focus on technical solutions and data security mechanisms that can improve protection of sensitive data. Making privacy and protection of sensitive data part of the purpose of the technology itself is something that we will see more of in 2019. Constant privacy will become more of a demand from consumers. We have previously written about technology solutions for secure handling of sensitive data. Companies should for example look into solutions like HSM for encryption and Log Management to ensure traceability.

The other side of the privacy coin – The controversial CLOUD Act

Another law that made headlines in 2018 was CLOUD Act. In contrast to GDPR, which gives individuals more power over their personal data, CLOUD Act made, and is still making, a lot of companies in Europe cautious in choosing an American cloud hosting provider. CLOUD Act is an American law with global impact. The purpose of CLOUD Act was to modernize laws on surveillance and privacy to reflect the global nature of the Internet. What this means in practice is that American cloud service providers have to give American authorities access to data, regardless of where the data is stored or where the person of interest lives. This could give American authorities access to data belonging to EU citizens. CLOUD Act is a controversial law, and we have written about the potential implications in a previous blog post. The quintessence of CLOUD Act goes against GDPR, and CLOUD Act and GDPR really highlight the different views on integrity.

Some of the industry predictions for 2019 are that the US will still lag behind Europe in terms of privacy. This could potentially hurt them in the sense that companies might choose to overlook American IT companies and instead do business in areas where privacy and integrity is prioritized.***

Cyber security in the Board Room

Cyber security is a constant ‘trend’ within IT. Companies have to continuously make efforts to stay ahead of hackers, which always calls for new thinking and innovative solutions. Industry experts agree that hackers will become even more sophisticated in their techniques, and that machine learning/AI will be used more in cyber defense.***

With data protection becoming part of the agenda, we have seen that cyber security has and will be valued more by companies, and especially on a top management and board level. Bringing security higher up in the value chain is positive in a lot of ways. It helps companies stay one step ahead of hackers. Further, from a business and marketing perspective, being known as a secure company will help you gain new customers.

*https://www.datainspektionen.se/nyheter/forsta-svenska-gdpr-granskningen-klar/

**https://www.bleepingcomputer.com/news/security/first-gdpr-sanction-in-germany-fines-flirty-chat-platform-eur-20-000/

***https://www.forbes.com/sites/gilpress/2018/12/03/60-cybersecurity-predictions-for-2019/#40acfc343528

More blogs