Data Protection Regulation “to show its teeth” in 2019

cyber security

As we move into 2019, it’s clear that firms globally will be doing more to catch up with the legislation of the GDPR. The obligation was encapsulated by the attitude of Tim Cook addressing a conference of European privacy commissioners in Brussels earlier this year.

The Apple boss called for new digital privacy laws in the US, and advised that data privacy is a fundamental human right, before describing how the collection of large swathes of personal data is harming society.

Chiming with this outlook, Chris Baker, SVP and GM EMEA at Box says that 2019 will see the world trying to live up to the legislative example set by Europe, as similar regulations are created in jurisdictions worldwide.

“Organisations must ensure they are compliant with regional data privacy regulations, and more GDPR-like policies will start to have an impact.

“This can present a headache when it comes to data management, especially if you’re operating internationally. However, customers will have trust in a business when they are given more control over how their data is used and processed. And customers can rest assured knowing that no matter where they are in the world, businesses must meet the highest bar possible when it comes to data security.

“Starting with the USA, in 2019 we will see larger corporations opt-in to GDPR to support global business practices. At the same time, local data regulators will lift large sections of the EU legislative framework and implement these rules in their own countries. 2018 was the year of GDPR in Europe, and 2019 be the year of GDPR globally.

Dr Klaus Gheri, VP and GM of Network Security at Barracuda networks feels automation will play a key role in legal compliancy over the next 12 months.

“Migration to the cloud has become a megatrend. This has led to new requirements in terms of securing services and the required infrastructure. In particular, star-shaped WAN topologies with central Internet access must be redesigned with regard to their compatibility with increasing use of cloud services – keyword SD-WAN.

“IoT and Industry 4.0 also open up new areas of attack. Companies should increasingly think about device recognition in the network in order to segment out smart devices accordingly.

“Even if it is a truism, e-mail remains the primary gateway for malware. Users can now protect themselves much better against this with intelligent email security products. There is still a lot of catching up to do here.

“Therefore, all necessary security technologies should always be preceded by a well-founded education of the employees. Companies must develop a comprehensive security awareness programme that addresses the most important security issues. The solutions will continue to evolve towards automation in 2019.”

Rohan Massey, European head of privacy and cybersecurity at Ropes & Gray, says:

“2019 is set to be the most important year in international data transfer compliance since the Safe Harbor agreement was struck down in 2015. This is because the ECJ is expected to rule on the validity of the European Commission’s standard contractual clauses, which many businesses use to transfer personal data outside the EU.

“Given that the SCCs are being challenged on the same grounds used to invalidate Safe Harbor — that US law does not protect European citizens’ data against the NSA’s mass surveillance programmes — we think it likely that the ECJ will also strike down the SCCs in their current form.”

“The proposed ePrivacy Regulation is unlikely to be agreed before the EU parliamentary elections in May, meaning that the text won’t be finalised until 2020 — and may not take effect until 2022.

“The level of disagreement between Member States and the intense business lobbying over the text don’t augur well for a speedy resolution. That said, the interplay between the GDPR and the existing Directive on critical areas such as cookie consent makes the likely delay in getting the Regulation agreed somewhat less detrimental.”

“Companies and data protection lawyers spent the latter half of this year waiting in vain for the first blockbuster GDPR enforcement action. They are unlikely to be disappointed in 2019, as regulators conclude their ongoing investigations and the incidents caught by the previous law fade into the rear-view mirror.

“Whilst it’s likely that there will be multiple seven-figure fines, we wouldn’t be surprised to see a EUR 10 million penalty issued — most probably by the Irish, French or UK authorities, although there are 25 other regulators that will also be keen to show their teeth.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.