There is an ever-growing amount of data tied to individuals, and this is only set to accelerate as the scope of the IoT grows. By 2020, it is expected that for every person on the planet, there will be forty devices connected to the internet – an overwhelming trove of data linking person to product or service.
As we continue to acclimatise to managing our lifestyles through a network of inter-connected devices, so too is the business world embracing this development in a big way – and facing the risk to data that comes with these new technologies. The European Parliament, Council and Commission have addressed this risk early on, with the GDPR set to come into effect May 2018.
Data protection is an increasingly important issue for many consumers, who are experiencing a growing loss of control over their own personal data. Corporate cyber-attacks are becoming increasingly sophisticated and data breaches to organisations such as Yahoo and Ashley Madison have had real-life ramifications for customers, leaving them, and companies, exposed. With an individual’s personal and financial information at risk, many are understandably wary of how this is protected and feel an increasing loss of control over their data.
The threat of a cyber-attack is also much more significant when it comes to connected devices. If not correctly protected, hackers will be able to infiltrate other devices simultaneously, meaning they could potentially have access to larger amounts of private data. We have already seen law firms pursuing potential claims regarding TalkTalk’s data breach, and further claims are expected as this technology becomes increasingly commonplace.
Responsibility for data protection ultimately falls to the organisations gathering and storing it. The GDPR is an attempt to standardise data handling across the EU, and give citizens back control of their own information. Though a priority for many businesses will be to avoid paying out hefty fines for failure to comply, it shouldn’t necessarily be considered a headache for companies to contend with.
GDPR compliance is an opportunity for organisations to build consumer trust by improving the stringency of internal data protection policies. Organisations across the EU, if they have not already, must begin seriously preparing for the new regulations and increase customer control over personal data.
By Tim Smith, partner and head of cyber at insurance law and risk firm BLM.
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.