SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Compliance
#
GDPR
#
NDI
Are you GDPR compliant?
Wed, 30th Jun 2021
FYI, this story is more than a year old
By Staff Writer, Tanium
Follow us

Remember the 2018 rush to become General Data Protection Regulation (GDPR) compliant?

While the GDPR is established in the European Union, businesses of all sizes across the globe need to comply if they:

  • Are based in the EU
  • Offer goods and services in the region
  • Monitor the behaviour of individuals in the EU.

The regulations were introduced with the threat of fines for non-compliance. However, in 2020, enforcement of the rules was temporarily relaxed to support organisations through the challenges of COVID-19.

With this announcement of regulatory flexibility, and with businesses doing what they could to pivot and survive through the pandemic, it's highly likely that GDPR compliance became less of a focus — in 2020 and today. But change is coming back around.

Without continuous oversight, organisations risk hefty GDPR fines in the coming years. The good news is that it's possible to minimise this risk.

Tanium chief IT architect for EMEA Oliver Cronk says that as COVID-19 restrictions continue to ease in many parts of the world, now is an opportune time for organisations to assess how they operate to ensure any new processes or ways of working are fully GDPR compliant.

"To correctly follow the guidelines, enterprises should work with their data protection officers to support the whole organisation — particularly when new operating models and processes have had to be introduced overnight in many cases," says Cronk.

"Examples of these changes can be found in sectors like hospitality, which is now collecting more personal information from customers than ever due to new pandemic-related processes. It's easy to fall into the trap of not declaring what the data is being used for, how it's being processed and how long it will be kept.

"Organisations need to ensure compliance for post-pandemic processes isn't overlooked, or they may be in for nasty surprises such as fines in the near future."

While it is obvious that the GDPR applies to organisations located in the EU, it also applies to organisations outside the EU that market to consumers in the region — i.e. by offering goods and services (including free-of-charge).

With the UK Information Commission's definition of personal data as ‘information that relates to an identified or identifiable individual', almost no business is exempt from GDPR rules. The data that identifies an individual could be as simple as a name or phone number — but could also include other, more complex identifiers such as an IP address or cookies and other digital factors.

Organisations should be aware of what consumer data it holds and how it's being leveraged. The security and compliance risks posed to businesses without this certainty are simply too great. 

Related stories
Legit Security announces strategic partnership with GuidePoint Security
Wavelink partners with Orca Security to enhance cloud security
Fortinet upscales OT & CI cybersecurity in Asia-Pacific
GitLab unveils AI-powered Duo Chat & privacy controls for developers
Spirent partners with online payments platform to boost cyber defenses
Top stories
New ITW Global Leaders Forum code targets international voice fraud
Gen AI optimism high in ANZ but cybersecurity concerns loom
NetApp 2024 report uncovers 'disrupt or die' era powered by AI
Ransomware activity spikes 20%, hospitals now in crosshairs
Mandiant unveils latest M-Trends 2024 cybersecurity report