By Nick Palmer
The General Data Protection Regulation (GDPR) is one of the farthest-reaching pieces of privacy legislation ever enacted, and it comes into force in May 2018. Designed to protect data relating to EU citizens, it will apply to ANY organisation processing such data, regardless of where that organisation is located. This means any company in the world storing GDPR-protected data has less than a year to come into compliance.
From a compliance perspective, the new legislation confers considerable rights on EU citizens to understand how their data is being used, and also gives them the ability to transfer their data to different agencies or to have their identity permanently ‘forgotten’ by companies on request. It prescribes substantial obligations on organisations to report data breaches within set timeframes, but most significantly it mandates heavy fines on those that fall short of its requirements.
In the US, less than 10% of companies are ready for the new legislation. In this short whitepaper, TrapX explores the background to the GDPR and some of its founding principles. We go on to suggest that two of those founding principles, Privacy by Design (PbD) and time-to-awareness of data breaches, can be augmented and supported by a deception strategy.