In force since 2018, the European General Data Protection Regulation (GDPR) aims to regulate the use of personal data pertaining to European users by organizations (companies, communities...) of any kind. The GDPR imposes stricter standards on companies in terms of both data security and cybersecurity.
1. Data security: a priority of the GDPR
With the GDPR, the European Union has reversed the responsibilities for data security. It is now up to organisations, and companies in particular, to ensure the security of personal data. This revolution has meant that all processes for collecting personal data must be brought into line.
The securing of personal data under the GDPR must lead to data anonymisation to guarantee the confidentiality and integrity of all personal data.
2. GDPR and cybersecurity: the new obligations of companies
The GDPR imposes many new obligations on companies to secure their users’ data. These include the encryption of data and connections, whether for storage or for transfers, as well as reinforced authentication measures, in particular the generalization of electronic signatures, and measures governing access to stored data.
These obligations are particularly restrictive for companies, but they have also made it possible to strengthen data security and, beyond that, the cybersecurity of organizations in general. By raising standards and increasing privacy safeguards, the GDPR has helped to reinforce companies’ cybersecurity concerns at a time when cyber-attacks have become a growing and increasingly problematic phenomenon.
Through gradual and scalable implementations, the GDPR has above all allowed companies to strengthen their defences at their own pace and according to the specific needs of each organization. Cybersecurity is not an on/off switch; it is an iterative process where efforts made one day reinforce those implemented the next day.