In the context of the implementation of the GDPR, guaranteeing the protection of personal data is a major issue for companies. Here are the essential cybersecurity rules to apply for good protection! In this context, we learn how cybersecurity guarantees the protection of personal data.
Companies have always needed to acquire and store customer data to achieve their business goals and optimize their offerings. However, this amount of data collected has continued growing with digitalization, allowing companies to access and manage it more easily, provide more personalized services, and improve their performance.
What is personal data?
Any information about a natural person who is identified or identifiable, directly or indirectly, by an identifier or by one or more elements specific to their identity, is considered to be personal data.
Examples include a surname, first name, email address, location, identity card number, IP address, photo, and social or cultural profile.
When this information is used, stored, or collected in digital or paper form, GDPR restrictions apply. But what is GDPR?
The General Data Protection Regulation, or GDPR
Since May 25, 2018, companies must comply with new European legislation, often known as the General Data Protection Regulation (GDPR).
GDPR requires organizations to be more mature and have a comprehensive compliance management system in place. The idea of accountability requires companies to demonstrate their compliance with the law and the actions they have taken and plan to take at all times. It is not enough to bring a website into compliance and keep track of processing activities; long-term maintenance is required.
Although this regulation may appear to be an obstacle for the vast majority of companies due to the administrative burden and the severity of the fines, it has raised awareness of the importance of good collection management, data generation, and use.
Who is affected by this regulation?
With a few exceptions (for example, security files, which remain governed by the States, and processing in criminal matters), the regulation applies to all processing of personal data.
Regardless of where the data is processed, the data controllers (companies, administrations, associations, or other bodies) and the processors (hosts, software integrators, and communication agencies, among others) must be based within the European Union (EU).
Data exfiltration by cyberattacks
Since November 2019, there has been a growing propensity to harass victims by exfiltrating their data and threatening to expose it on a website. When the data is exfiltrated before it is encrypted, we speak of double extortion.
Deliberate attacks on the security of information systems have also never been so numerous. According to an analysis by Moody’s, cyberattacks against financial institutions soared 238% globally between February and April 2020. Extortion attempts have increased ninefold over the past year.
Moreover, according to a survey titled “Enduring from Home: Covid-19’s Impact on Business Security”, 24% of the organizations surveyed have incurred unforeseen costs to deal with cybersecurity incidents since the start of the pandemic.
Spyware: a threat to privacy and personal data
Spyware is a program that infiltrates a computer system to capture a user’s browsing profile or personal information for commercial use or surveillance purposes. For example, spyware can monitor WhatsApp, a computer, or all smartphone activity: messages, geolocation, etc.
Generally, spyware installed within your machine will not damage data or modify applications. On the contrary, it will ensure that your entire system remains as it was before the attack occurred, allowing it to read and capture personal data that will then be redirected to the attacker.
This software is a problem insofar as it is very difficult to detect, and the damage is already done by the time it is noticed. Even today, this subject of cybercrime remains at the heart of the news, for example, with the Pegasus affair in recent years.
Violations are still common.
Despite fines of up to 4% of the company’s global annual turnover for the previous financial year, there are still abuses. Some small and medium-sized enterprises, believing themselves invisible to the sector’s giants and therefore immune to sanctions, engage in illicit actions such as “contests.” For example, a company holds a raffle on its social media platforms, then captures participants’ personal information and adds it to its customer database to send them targeted advertisements or newsletters afterward.
We also note nearly 10 million visitors registered on all of the CNIL’s websites, an increase of 21% compared to the previous year, with more than one million consultations of the Need help section. The CNIL also received 13,585 complaints last year, an increase of 62.5% since the implementation of the GDPR. This figure, which remains high but stable compared to 2019, shows that the French are more aware of their rights.
Three years after its launch, what is the assessment of the GDPR?
Although the implementation of the European regulation by companies has been progressive, it is clear that over the last three years, a good number of organizations have started a compliance process to strengthen and increase the data protection of their customers or users.
The latter has established itself as a valuable strategic asset for organizations. On the other hand, the fines imposed by the Commission have increased sharply with the new legislation, as illustrated by the CNIL in 2020, which set a total penalty of 100 million euros on GOOGLE LLC and GOOGLE IRELAND LIMITED.
Due to the increasing use of media and social networks and the proliferation of connected objects, the speed of data transmission and the amount of personal data exchanged are constantly increasing.
On the networks, the anonymity and privacy of users are increasingly difficult to protect. Likewise, the financial attractiveness of personal and even sensitive data is fueling an upsurge in data theft. Businesses are finding it harder to build resilience due to cyberattacks’ increasing frequency and complexity.
Between 2019 and 2021, ANSSI reports a 255% increase in cyberattacks. This includes a substantial increase in ransomware occurrences (blocking a company’s activities via malware for ransom) affecting multinationals, small and medium enterprises, and the medical industry. In recent months, not a week has gone by without a cyberattack making headlines. Companies can no longer be satisfied with protecting their know-how or IT systems to remain trusted players. They must demonstrate resilience in the face of growing cyber threats and implement real cybersecurity solutions.