The GDPR (General Data Protection Regulation) is not always a welcome measure at many companies. Some comply out of fear of sanctions rather than as a proactive initiative. However, by securing the personal data of website users, the cybersecurity and data protection aspects of GDPR are proving to be an effective safeguard against cybercrime.
1. Securing the personal data of European Internet users
The GDPR is a European regulation, in force since May 2018, that imposes binding rules on public and private organizations (companies in most cases) for managing and processing the personal data of users of their internet platforms. The European Union's stated objective: to secure personal data collected online!
Site managers must therefore now offer strong guarantees to remain in compliance with the GDPR in all circumstances. In France, the National Commission for Information Technology and Civil Liberties (CNIL) recommends six steps to ensure compliance: only collect the data that is really necessary, be completely transparent, organize and facilitate the rights of individuals, set data retention periods, secure the data and identify the risks, and include compliance in an ongoing process.
These are all major principles that need to be implemented and adjusted to the context of each organization and each company, and they concern both external users of sites and employees within a company. For all these reasons, the GDPR is often perceived negatively by site managers and by professionals in particular. However, despite the somewhat heavy workload it imposes, the GDPR brings significant advantages in terms of strengthened cybersecurity.
2. GDPR: bad news... especially for hackers
More than the affected companies themselves, it is the hackers who seem to be the big losers of the European regulation, which has contributed greatly to reducing organizations' vulnerability to ransomware during the last 2 years. The constraints put in place by the GDPR complicate their task and have played an important role in securing company networks, as well as the personal data of their users and employees.
The greater the limitation on personal data processed by companies (either in volume or in the length of time it is kept), the fewer opportunities that hackers will have to carry out their attacks and exploit sensitive databases to the detriment of users.
It is no coincidence that, according to the Provider Lens Cyber Security – Solutions & Services 2020 report, produced by the Information Service Group (ISG), French companies have moved upmarket and increased their cybersecurity skills since the GDPR was introduced. The web as a whole has become more secure as a result of the GDPR. By May 2019, one year after the launch of the GDPR, 39 500 French organizations had appointed a data protection officer (DPO).