Data Protection in the Post-GDPR Era

(and why it could cost you big)

Chances are that if you’ve been on Instagram or Facebook in this last week, you’ve seen photographs of your friends looking older or younger (and no, there is not a new plastic surgeon in town!). FaceApp is enjoying a moment in the spotlight as the most downloaded application from the App Store thanks to its AI-based photo editing capabilities. But in the wake of its success, serious concerns about data privacy have made front-page news and people are suddenly worried.

The rise in privacy concerns.

Reviewing FaceApp’s privacy policy, one can quickly see that its deliberately abstract wording is at best somewhat sketchy and at worst not GDPR (General Data Protection Regulation) compliant. But they are not alone. In fact, according to Gartner, more than 40% of worldwide organizations will be in violation of GDPR laws by 2020, and GCC companies seem to be some of the worst offenders.

Cyber-attackers today face very few obstacles to obtaining information illicitly and illegally because the tools needed to cause maximum disruption are readily available and do not require in-depth technical knowledge. Unfortunately for the GCC, while companies are aware of this threat, many have poor IT governance and data controls in place, making them very vulnerable. Ransomware, phishing, data leaks, and hacking are just some of the ways that they fall victim to crimes, but they are often equally guilty of not complying with GDPR rules.

Thankfully, unlike British Airways, not all organizations will receive fines of £183M – supervisory authorities such as the Information Commissioner’s Office (ICO) have the scope to take a range of other actions including issuing warnings, imposing temporary bans on data processing, or suspending data transfers to third countries. Regardless of the penalty, no growing start-up or thriving establishment in the GCC wants to have to deal with unnecessary administrative red tape in the EU that will prevent business growth in a highly competitive market.

However, while the EU seems to be leading the way with regard to data protection and privacy regulations, GCC countries can learn something from the launch of GDPR. Implementing a similar GCC-wide data protection law has the potential to benefit not only the participating countries but also consumers at large, especially since the Middle East was ranked in the top 5 regions dealing with cyber-attacks and security breaches in 2017.

Mitigating and managing your data risk.

Understanding how personal data flows within an organization and managing the lifecycle of the data is key to enabling an organization to address its GDPR compliance requirements over the long term. As far as Dell Technologies is concerned, it is crucial for organizations, especially in our digital era, to take command of security and privacy risk. The EU’s GDPR presents stringent obligations and associated penalties for non-compliance, which challenge all organizations subject to them. And with many GCC companies simultaneously vulnerable to critical cyber-attacks, we want to support you in managing and mitigating risk around the lifecycle of your data.

Get your data protected by Dell security solutions today.

About the Author: Dell Technologies