Why Isn’t There a US GDPR?


Recently, I was reading an article from The Hartford on how to protect business income. The Hartford recommends something that seems like a no-brainer to anyone who has ever heard of the cloud — meaning just about anyone doing business today. According to The Hartford, “It’s a good idea to backup your digital data in a cloud-based server and duplicate any data contained in hard assets.”

Despite the apparent obviousness of this statement, it implies something about American businesses and America’s regulatory structure regarding data: there’s no safety net required. Security is optional. Companies can possess the most valuable information about individuals. Companies can possess information that sums up your entire life, information that can be the difference between poverty and wealth, information worth billions of dollars, information that, in a capitalist system, can quite literally make the difference between life and death. Yet we — or rather, the government — doesn’t require companies to back that data up.


The quick rejoinder is that requiring companies to back up data gives an unfair advantage to companies that sell cloud space and other types of backup. It only takes two words to dispel that argument: private cloud. Others might contend that private blockchains could do the job. For EU lawmakers preparing to implement GDPR, it doesn’t matter what type of backup you choose, as long as your security measures are stringent and respectful of the data source: EU citizens.

It might seem naive to ask this question, but why isn’t there a US GDPR? If your US-based company uses EU citizen data and doesn’t comply with GDPR’s strict rules, your company could get stung with a huge fine — nearly $24 million, or 4 percent of your annual global turnover, whichever is greater. If an EU-based company uses a US citizen’s personal data contrary to the spirit of GDPR, it gets stung with … nothing. It might get hit with a lawsuit, but we all know how well corporate lawyers with millions of euros at their disposal can do against private citizens who don’t have as much cash to throw at problems.

In other words, the EU stands to make a great deal of money from US companies that mess this up, while US companies stand to lose. With the number of lobbyists and lawyers US companies have on their payroll (Steven Brill, founder of American Lawyer magazine, says there are twenty lobbyists for every one member of Congress), you’d think there would be a bill to rival GDPR.

The only thing US-based companies can do besides lobby for such a bill is batten down the hatches in preparation for the coming GDPR storm. A last-minute GDPR checklist reveals what that entails:

  1. Your company must find out if any of the data you’re mining is EU citizen data.
  2. Your company must determine whether any of the EU citizen data in your database is “sensitive data” — that is, data of a personal nature (see GDPR Article 9).
  3. Find out where you’re storing EU citizens’ sensitive data.
  4. Make sure you can easily cleanse your IT systems of all sensitive data, and that you can easily cease targeted marketing activities.
  5. Find out whether you can implement “privacy by design” with your IT processes.
  6. If you can’t implement privacy by design through built-in protocols, you’ll need to overhaul IT and make sure security and data privacy measures are in place at every touchpoint.
  7. Make sure you can immediately erase any EU citizens’ data — they have the right to be forgotten.
  8. For data breaches in which an EU citizen’s data is involved, you must report the breach within 72 hours; make sure you have a response plan in place such that no more data is vulnerable.
  9. If your organization mines and processes large amounts of sensitive personal data on EU citizens, you should hire a Data Protection Officer.

As you can see, a “last-minute GDPR checklist” is no small item. In fact, Bloomberg reports that the world’s 500 biggest companies are spending $7.8 billion on GDPR compliance.

Overall, a greater number of EU companies have more at stake here. But some US-based companies process more data than anyone else in the world. Microsoft alone has 300 engineers working on the problem.

If the US were to implement its own version of GDPR, it would accomplish two things. One, it would show US citizens that the government actually cares about democracy and our right to control our own data. Two, it would level the playing field. European firms wouldn’t be able to continue capitalizing on US citizens’ personal data unless US citizens give consent.

For now, all we can do is prepare for GDPR, sit back, and watch this development play out. Once the first violation occurs, we’ll see how successful the EU is at collecting $24 million from a shamefaced American company with plenty of lawyers at its disposal.

By Daniel Matthews

Daniel Matthews Contributor
Technology Writer
Daniel Matthews is a freelance writer from Boise, ID. Daniel received his Bachelor’s in English from Boise State University in 2006, and is currently working on a book about the 2008 financial crisis. Widely published online, he specializes in research and analysis that sheds light on the intersection of tech, business, and current affairs. Daniel is an avid writer and technology enthusiast whose mission is to bring journalistic integrity and informed opinions to his audience in ways that make them think differently about the world. You can find him on Twitter and LinkedIn.