The General Data Protection Regulation (GDPR) passed by the European Union (EU) in 2016 is due to be implemented on May 25, 2018. The GDPR shifts focus on data protection of any citizen of the EU wherever they are worldwide. Failure to protect or provide data when requested by an EU citizen can result in crippling fines for businesses. The consequences of these regulations have universal reach. The US should not ignore the new regulations. Due to national sovereignty, the power of GDPR regulators to reach US businesses is limited. Despite that, here is why the new regulations should not be summarily dismissed.
The GDPR will hold companies that operate in or serve EU countries and its citizens accountable for data breaches. In the wake of recent high-profile data scandals in the USA such as Cambridge Analytica and Equifax, the EU is taking the lead in data security and retention. Failure to follow the regulations can result in exorbitant fines up to 20 million euros.
As a result, the EU is investing billions in cybersecurity in a public/private partnership to bolster their defenses and innovate their cybersecurity approach.
The internet, stock markets, multinational corporations and global economy have pushed us to think beyond the boundaries of jurisdiction formerly divided by borders. An outbreak of Ransomware can spread from one computer across 150 nations in a day, such as in the case of the WannaCry epidemic in May of 2017. The FBI has no extradition treaty to reach cyber-criminals living in Eastern European countries. Cyber-crime funds terrorism and enemies of the US.
Securing our networks locally using a multi-layered approach is necessary. Having reliable backup will allow the recovery of infected data after an attack. Recovering from a reliable backup system is preferable to funding terrorism. When facing the threat of losing all your critical data or paying a ransom, the stakes get high.
As a cop, I often gave advice about securing houses against the threat of burglary. Making it hard to break in was often enough preparation to deter criminals and cause them to move on to an easier target. The European Union has just mandated that their businesses secure their houses. If the US doesn’t follow suit, we are essentially leaving our doors and windows wide open.
Businesses and citizens of the US must secure their data. If limited by budgetary constraints, start with backup and disaster recovery. Prevention of cyber-attacks is preferable. In the end, being able to recover from a cyber-attack mandates a reliable backup solution. Ask a managed services provider in your neighborhood for assistance.