CS Nov-Dec 2022
GDPR
their reputation doesn't suffer as a result of a management error or data protection oversight.
"When companies are entrusted with their customers' sensitive data, there are no measures that go too far. They must be aware that they are custodians of any data they collect, process and use, and it is therefore their responsibility to ensure that this data is protected. This needs to go beyond a simple box-ticking exercise to ensure GDPR compliance, and instead a business-wide culture of transparency and responsibility must be adopted. When it comes to data protection, this should include a full business continuity strategy that includes resilience measures, along with secure, immutable backups and disaster recovery solutions that can be drawn upon, if data is maliciously accessed."
WHATSAPP ALSO HIT HARD
Last year, the DPC fined WhatsApp 225 million euros, at that time the largest fine ever from the commission and the second highest under EU GDPR rules. Facebook (now Meta), which also owns WhatsApp, has its EU headquarters in Ireland. The fine relates to an investigation that began in 2018 about whether WhatsApp had been transparent enough about how it handles information. The issues involved were highly technical, including whether WhatsApp supplied enough information to users about how their data was processed and if its privacy policies were clear enough. Those policies have since been updated several times.
"WhatsApp is committed to providing a secure and private service," a company spokesperson said at the time, as reported by the BBC: "We have worked to ensure the information we provide is transparent and comprehensive and will continue to do so. We disagree with the decision today regarding the transparency we provided to people in 2018 and the penalties are entirely disproportionate." GDPR rules allow for fines of up to 4% of the offending company's global turnover.
Clearly, the GDPR is proving effective, with the large fines administered so far to some big-name companies proving a reminder and deterrent to others when it comes to responsible management of data. All of which underscores the seriousness of purpose with which the regulations were planned. More than four years down the line since the regulations came into force, it's worth looking back at how they were structured and the European Commission's take on how effective they have proved since.
First off, the European Commission accepts that most of the issues that are identified by Member States and stakeholders will most likely benefit from more experience in the application of the Regulation in the coming years. "Increasing global convergence around principles that are shared by the GDPR offers new opportunities to facilitate safe data flows, to the benefit of citizens and businesses alike," it states.
IMPROVEMENTS WITH GDPR
Businesses, including SMEs, now have just one set of rules to which to adhere. "The GDPR also creates a level playing field with companies not established in the EU but operating here. By establishing a harmonised framework for the protection of personal data, the GDPR ensures that all businesses in the internal market are bound by the same rules and benefit from the same opportunities, regardless of whether they are established and where the processing takes place. In addition, privacy has become a competitive quality that customers are increasingly taking into consideration when choosing their services. For SMEs, the implementation of the right to data portability has the potential to lower the barriers to entry to data protection friendly services. Compliance with the data protection rules and their transparent application will create trust between business and consumers when it comes to the use of their personal data."
NEW TECHNOLOGIES
The GDPR is seen as an essential and flexible tool to ensure the development of new technologies, in accordance with fundamental rights. "The implementation of the core principles of the GDPR is particularly crucial for data intensive processing. The risk-based and technology-neutral approach of the Regulation provides a level of data protection, which is adequate to the risk of the processing also by emerging technologies."
The GDPR's technologically-neutral and future-proof approach was put to the test during the COVID-19 pandemic and has proven to be successful. Its principles-based rules supported the development of tools to combat and monitor the spread of the virus. The future-proof and risk-based approach of the GDPR is also being applied in the EU framework for Artificial Intelligence and in the implementation of the European Data Strategy, aimed at fostering data availability and at the creation of Common European Data Spaces.
GLOBAL PROTECTION STANDARDS
The GDPR has emerged as a reference point and acted as a catalyst for many countries and states around the world considering how to modernise their privacy rules. International instruments, such as the modernised 'Convention 108' of the Council of Europe or the 'Data Free Flow with Trust' initiative launched by Japan are also based on principles that are shared by the GDPR. This trend towards global convergence brings new opportunities for increasing the protection of Europeans, while, at the same time, facilitating data flows and lowering transaction costs for business operators.
The GDPR offers a modernised toolbox to<br />
www.computingsecurity.co.uk @CSMagAndAwards Nov/Dec 2022 computing security