The 'New Normal' of Data Protection and Information Security

The 'new normal' is happening now. Businesses are reopening after a month of forced closure due to regional quarantine, and (almost all) regular activities have resumed while taking extra health and safety precautions. In cyberspace, though, a new normal had already begun after a particular crisis that ran rampant across the globe a couple of years back – the online privacy crisis of 2018.

Online Privacy Crisis of 2018

The story began with the Cambridge Analytica scandal, which involved Facebook. A dangerous loophole in the social media giant’s privacy policy was exploited, and the personal data of as many as 15 million users was compromised.

Since the dawn of social media, personal data has been given freely and consciously. Almost every digital social platform was initially intended to be used for fun – to share, connect, and build a community of like-minded individuals.

However, developers noticed an overwhelmingly rich amount of psychographic data that could be anonymized, analyzed and sold to advertisers, or in the case of Cambridge Analytica, political consulting firms.

The New Law

In response to this scandal, on 25 May 2018, the European Union passed a bill called the General Data Protection Regulation (GDPR), which applies data and privacy protection to citizens in the EU – however, the ramifications are worldwide.

In short, the GDPR leverages better practices for personal data collection, storage and use. Indeed, commercial use of private data has not ceased, and probably never will, since many industries, such as digital advertising, are heavily reliant on big data.

However, the GDPR still forces businesses to offer users the freedom to opt out of personal data transfers, both active types of data transfers (such as personal identity and security information) and passive ones (such as cookies, geolocation, and IP address) – and also to offer the right to be forgotten.

Compliance with GDPR

It may be true that the EU GDPR is the “toughest privacy and security law in the world”; even the official site admits it. Infringement of the law will result in heavy fines of tens of millions of euros in addition to compensation for damages. This applies to all businesses that target and store EU citizens’ data regardless of geographical location.

In this increasingly interconnected world, it is next to impossible to avoid the GDPR, and the best course of action is always to comply; this is the new normal for the digital landscape. Cybersecurity firm Xynexis believes in providing solutions that go far beyond compliance.

We assess information security risks to further implement an information security management system. With Xynexis, your business will be aligned with the privacy and security laws of none other than the European Union.