I recently attended a lecture by a former FBI special agent on the topic of cybersecurity. Sounds cool, right? (It was!)
I’ve been paying close attention to the topic that is now top of mind for many since last summer, when I wrote this story for BizVoice® on fraud and cybersecurity issues, including what businesses should be doing to help prevent potential cyberattacks.
While I sat in a small room with 20 or so people who seemed genuinely surprised by much of what the former agent was saying, not much of it came as news to me (and I’m not bragging – I just went through my shocked phase last year when researching my story). But one thing I’d never heard before was something known as GDPR, an acronym for General Data Protection Regulation.
GDPR was passed in the European Union (EU) and takes effect in late May. It expands the data privacy rights of individuals and places new burdens on companies or businesses that handle private data. You might be thinking, “I’m in Indiana, not the EU.” That’s true: this regulation primarily impacts users in the EU. But it also impacts any businesses or organizations that operate in the EU.
Indianapolis-based DemandJump recently posted a blog focusing on GDPR and how it impacts companies here in the United States, with links and a video to help others learn more about the potential impact:
From an internet user standpoint, this policy only affects those people located within the jurisdiction of the EU. However, companies that do business in the EU – regardless of where they are located – must also abide by the same rules, which has left many in the global technology industry reeling to meet these strict privacy standards by the May 25th deadline.
The GDPR is one of the first major legislative acts of its kind, but it certainly won’t be the last. The question is not whether the United States and others will pass a similar bill, but when.
At DemandJump, we have always believed in and respected the privacy of internet users, and we hold ourselves accountable for individuals’ rights to privacy and security. We also understand there is some sensitivity around data right now, and, well … we love data.
The truth is, data can be an amazing asset when used and handled responsibly, helping to automate, expand, speed up, and generally improve the world we live in. But those improvements should not come at the risk of individuals’ privacy.
Luckily for everyone, they don’t need to.
What is Data Privacy?
Check out this video from our very own Brad Wilson, Director of Engineering and Data Protection Officer at DemandJump, about data privacy and GDPR.
In the context of GDPR – and the broader discussion about data privacy – the main goal is to put control over personal data back into the hands of individuals. This means that if any individual does not want to be recognized or known by a data consumer, they have the ability to instruct any system to “forget me”. This would trigger a string of technical actions which would anonymize their information, making it very difficult for any person, business or technology system to identify that person individually.
Fundamentally, this movement is not so much about restricting the usage of personal data as it is about giving control back to individuals. It’s about companies being open and transparent about what personal data they have on individuals, and about the way they handle that data.
For 10+ years there has been a lot of fuzziness and disparate regulation around data privacy and transparency. The EU is saying “no more”, and it’s highly likely that other regulatory bodies will follow suit.
Cybersecurity and data privacy experts will come together for the Indiana Chamber’s inaugural Cybersecurity Conference (in partnership with the Indiana attorney general’s office) on May 1-2. There’s still time to register for the two-day conference held in downtown Indianapolis, with focuses on responding to litigation following a data breach, vendor management, lessons from the defense industry and much more.