Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense
Attacks Cloud Data Executive Decisions IoT Malware Mobile Network Security Strategy Threat Defense

Countdown To GDPR: Google Advises Partners About Disclosure, Consent

Add bookmark
Dan Gunderman
Dan Gunderman
03/28/2018

In less than two months, the EU’s most significant data privacy regulation in decades will become enforceable.

The General Data Protection Regulation (GDPR) not only strives to return a measure of data ownership back to citizens, but it also has teeth – as it can fine EU-data-handling enterprises up to 4% of annual turnover for noncompliance.

The measure – subject of the Cyber Security Hub’s March Market Report – was approved April 14, 2016 and given a two-year grace period before taking effect. This meant that enterprises handling EU data had ample time to become compliant. Some cyber experts suggest that many multinational companies have taken action to reach compliance for the deadline. For other organizations, however, what they don’t know could spell steep financial fines.

The scope of the GDPR makes it signature legislation – the likes of which arguably haven’t been seen since the Data Protection Directive 95/46/EC, approved Oct. 24, 1995. The Directive’s attempts to regulate the fledgling Internet were both crucial and enduring. Many of the same principles have carried over into the GDPR – which now takes into account the proliferation of smartphone technology, plus the Internet of Things (IoT) and cloud computing.

Outside of significant fines, the GDPR also loops in all organizations that handle EU data, even if they reside outside of EU jurisdiction. Breach notification principles are revamped in the GDPR – meaning notification must be done within 72 hours of becoming aware of the incident.

[inlinead]

Cyber expert, TV commentator and author Adriana Sanford previously told the Cyber Security Hub that the breach notification components of the GDPR will heighten visibility for affected enterprises within the EU, and because of social media and the 24-hour news cycle, will be equally visible for organizations within the U.S.

Data subjects also have the right to know where the data resides, and the GDPR affords them the “Right to be Forgotten” – so, parties can have their data scrubbed. Other highlights include “Privacy By Design” (security can and should be baked into the orchestration process), and the right to transmit data. Perhaps the most crucial element of the GDPR includes the appointment of a Data Protection Officer (DPO) to handle data monitoring.

On whether these larger measures can be effective, drive change and streamline governance, risk management and compliance (GRC) processes, Sanford said, “If citizens and countries don’t work together, we can’t prevent borderless crimes. (Criminals) can go to places where the laws are lax. There, it’s difficult for us to do anything.”

Giving his take on the GDPR’s impact on the global ecosystem, Senior Program Manager for IT Security, Jamal Hartenstein, said that in the U.S., more exacting laws at the state level could emerge.

“I imagine some companies may (also) do what Ford did with the Pinto,” Hartenstein previously told the Cyber Security Hub. “Ford was aware of the dangers their product posed to consumers, but it was cheaper to pay the penalties than the cost to make it safe.”

GDPR MMR Callback Story Google Partners Compliance

Photo: Annette Shaff / Shutterstock.com

Google's Stake In GDPR

What’s more, Google made headlines last week after emailing their partners about precautionary measures for the GDPR rollout.

According to Search Engine Roundtable, Google emailed partners including AdSense publishers, Admob advertisers and others about their “responsibilities for making disclosures to, and obtaining consents from, end users of (their) sites and apps in the EEA (European Economic Area).”

The same report notes that Google wrote: “Google’s EU User Consent Policy is being updated to reflect the new legal requirements of the GDPR.” This policy is incorporated into the contracts for most Google ads and measurements products.

The company said it has also been rolling out updates to its contractual terms for products “since last August.” This reflects “Google’s status as either data processor or data controller under the new law,” the partner message reads.

Under “Product Changes,” the tech giant wrote that it will be “launching new controls for Google Analytics customers to manage the retention and deletion of their data.” Also, Google aims to explore “consent solutions for publishers, including working with industry groups like IAB Europe.”

With the GDPR measure now weeks from implementation, it is clear that global corporations are taking vast measures to be compliant! Stay tuned to CSHub.com for more GDPR-related content.

Be Sure To Check Out: CISO Calls For Sweeping Policy Changes To Address Cyber Concerns

Tags: Cyber Security InfoSec Data Privacy GDPR General Data Protection Regulation EU Breach Notification DPO Google Partners Email Compliance Measures

Upcoming Events

Building cyber resilience

24 April, 2024
Online

Register Now | View Event
Building cyber resilience

Building high-performing development teams: Harnessing tools, processes & AI

02 May, 2024
Online

Register Now | View Event
Building high-performing development teams: Harnessing tools, processes & AI

Digital Identity Week

June 11 - 13, 2024
Melbourne, Victoria

Register Now | View Agenda | View Event
Digital Identity Week

Anti-Financial Crime Exchange Europe 2024

September 19-20
Frankfurt, Germany

Register Now | View Agenda | View Event
Anti-Financial Crime Exchange Europe 2024
MORE EVENTS

Follow Us

         

Latest Webinars

Building high-performing development teams: Harnessing tools, processes & AI

2024-05-02
11:00 AM - 12:00 PM EDT

Discover how to enhance your development team’s efficiency through advanced tools, Agile methodologi...
Building high-performing development teams: Harnessing tools, processes & AI

Building cyber resilience

2024-04-24
11:30 AM - 12:30 PM SGT

Why it’s essential that technology seamlessly connects IT, security, risk and the business
Building cyber resilience

Strategies to enhance secure customer onboarding

2024-03-27
11:30 AM - 12:30 PM SGT

Focus on achieving speedy and secure customer onboarding and combat user lifecycle fraud with phone...
Strategies to enhance secure customer onboarding
MORE WEBINARS

RECOMMENDED

FIND CONTENT BY TYPE

Cyber Security Hub COMMUNITY

ADVERTISE WITH US

Advertise Now

JOIN THE Cyber Security Hub COMMUNITY

Join CSHUB today and interact with a vibrant network of professionals, keeping up to date with the industry by accessing our wealth of articles, videos, live conferences and more.

Learn more
iqpc logo

Cyber Security Hub, a division of IQPC

© 2024 All rights reserved. Use of this site constitutes acceptance of our User Agreement, Privacy Policy and Cookies Settings.

Careers With IQPC| Contact Us | About Us | Cookie Policy