The GDPR imposes many new obligations on companies to secure their users’ data. These include the encryption of data and connections, whether related to their storage or to transfers, but also reinforced authentication measures with, in particular, the generalization of electronic signatures, or measures to access stored data.
These obligations are particularly restrictive for companies, but also have made it possible to strengthen data security and, beyond that, the cybersecurity of organizations in general. By raising standards and increasing privacy safeguards, the GDPR has helped to reinforce companies’ cybersecurity concerns at a time when cyber-attacks have become a growing and increasingly problematic phenomenon.
Through gradual and scalable implementations, the GDPR has above all allowed companies to strengthen their defences at their own pace and according to the specific needs of each organization. Cybersecurity is not an on/off switch, it is an iterative process where efforts made one day reinforce those implemented the next day.