Security Awareness Blog

Hey America (and World) GDPR Applies to You Too

In 2003 California rocked the privacy world when California S.B. 1386 took effect. This law stated that any organization that was breached and held the personal data of California residents had to notify those individuals that their data had been breached. While the law was passed only in California, it impacted any organization in the United States that handled the data of any California resident. The impact of the law has been huge, as it has been the driver for so many breaches going public in the past 15 years.

GDPR is the same thing, but on a global scale. The EU General Data Protection Regulation, which goes into effect 25 May 2018, states that any organization that handles the personal data of any living individual in the EU must protect that information. If that information is breached, the organization must report the incident to its supervisory authority and, where the breach puts those individuals at high risk, notify them as well. This regulation replaces the current EU Data Protection Directive. Ultimately the goal of both is the same, the protection of EU personal data; the biggest difference is that GDPR has teeth. Organizations have 72 hours from becoming aware of a breach to report it to the supervisory authority, and can be fined up to 4% of their global annual turnover (or 20 million euros, whichever is higher), which is a lot of money. Many European companies have been investing resources preparing for GDPR. My concern is that most organizations outside of Europe have NOT, and they will be caught with their pants down next year (Equifax anyone?). If you handle the data of European individuals (which you probably do and may not even realize it), GDPR applies to you, REGARDLESS of where you are located.

Need to get up to speed on GDPR and what it means? SANS Instructor (and one of our top Subject Matter Experts) Ben Wright wrote an excellent summary of what GDPR is and what it means to you. Also, if you are a customer of SANS Security Awareness, we already have you covered for your awareness program. Want to learn even more about GDPR and how it applies to awareness? Join us for the EU Security Awareness Summit on 6/7 December, where some of the world's top experts, including Brian Honan, will be speaking on just this topic.

4 Comments

Posted October 17, 2017 at 11:26 AM | Permalink | Reply

Peter

English is not my native language, but I would write the last word of the title with two o's.

Posted October 17, 2017 at 12:08 PM | Permalink | Reply

lspitzner

Peter, you rock! English is my native language and apparently I can't get it right. Fixed.

Posted October 23, 2017 at 1:15 AM | Permalink | Reply

Pauline Reich

Would be good if you had a lawyer present about GDPR. Maybe an interdisciplinary training team, including women. You might draw a bigger audience. I could do it for audiences in Asia.

Posted October 23, 2017 at 11:14 AM | Permalink | Reply

lspitzner

Pauline, thanks for the kind offer! We currently do not have any GDPR events planned for Asia. However, we do have one of the world's top GDPR experts (Brian Honan) hosting a GDPR event at the EU #SecAwareSummit this 6/7 Dec in London.
