Information Security Buzz, May 17, 2019, comment by Willy Leichter
The one-year anniversary of GDPR passed this month, about a week ago. Information Security Buzz gathered comments from 13 industry experts. Included in the lineup: Willy Leichter, VP at Virsec.
“In many ways, the lead-up to the GDPR going live last year felt like Y2K – a global scramble to get ready, causing lots of uncertainty. But when the ball dropped, it seemed like nothing happened, and little enforcement has been apparent. But given the slow, deliberate pace of EU bureaucracy, after the first year, we’re probably just getting started. Enforcement actions by European data privacy authorities prior to the GDPR averaged over 330 days, so it seems likely that some big wake-up-call penalties are on their way.
The other tangible effect of the GDPR has been on prompting other countries and states to consider enacting similar regulations. California (which enacted the first breach notification law more than 15 years ago) has already passed a consumer data privacy act modeled after the GDPR, and other states and the US government are likely to follow to varying degrees.”
Read the full GDPR one-year-later article.
Further resources:
Blogs:
British Airways breach will show us the first serious GDPR penalty
ICO issues maximum £500,000 fine to Facebook for failing to protect users’ personal information
GDPR requirements around consumer consent opt-ins for email
GDPR-tough options increase your security or increase your penalties budget