If you start an engineering company today, a lot of your operations - both on-site and at the enterprise levels of your business - are vulnerable to being hacked. This is due to the number of technologies which are connected to a cloud-based or internet-connected framework.
The infrastructural technologies of the world are not the only entities under attack - the data the technologies generate and the general data that a company stores can also be potentially stolen. In 2017, ransomware attacks became more frequent than ever. Small businesses were targeted, but so too were UK and US hospitals; they were slowed to a halt due to being locked out of their in-house, internet-connected technologies.
The topic of data protection became compelling when companies like Facebook - who have the data of more than 1 billion people - allowed data to be sold to bidders. The response, therefore, needs to be two-pronged: companies need to establish an ethical approach to handling data, and a new band of engineers, the data protection engineers, need to carefully secure data so that it cannot be stolen.
Protecting individuals
Whilst complex security solutions for utility-scale technologies are designed and implemented, individual data - that we humans freely give to every new app that emerges - is undergoing new levels of protection.
You may have received an onslaught of emails recently from the services you have signed your data away to. This would have been due to the European Union’s new General Data Protection Regulation (GDPR). And whilst it may seem that only Facebook and Twitter need to comply with the regulations, the company you work for, or own, might need to take note too.
The regulations insist that companies have clarity on the location of their stored data and who has access to it. The personal data of individuals within companies has to be adequately protected unless those companies want to risk being fined by the relevant authorities.
Companies doing business with clients and customers in the European Union need to, as PricewaterhouseCoopers puts it, “make changes to their data privacy, technology and oversight processes”.
Similarly, those investing in a company need to be protected.
Under the new regulations, individuals may ask a company to remove any of their details from databases unless their details are legally required.
If a cyber-attack occurs, and data is compromised, a company must alert authorities within 72 hours.
The new regulations essentially ensure a client’s right to be forgotten when they cease being a client. The party involved can contact the company and ensure that all traces of their data are eradicated from all servers the company has.
Non-compliance could lead to fines of up to 4% of a company’s annual worldwide revenue. PwC reports that in the United States, 3 in 4 companies will invest up to US$1 million in an effort to be GDPR compliant.
Companies who believe they already have a reasonable level of protection for the personal data of their staff and clients can rest easy for now.
Works Cited
Nadeau, Michael. “What Is the GDPR, Its Requirements and Deadlines?” CSO Online, InfoWorld, 23 Apr. 2018, www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html?page=2.
PricewaterhouseCoopers. “SA Companies Doing Business with EU Customers Need to Consider Making Changes to Their Data Privacy.” PwC, www.pwc.co.za/en/press-room/sa-companies-eu-customers-changes-to-data-privacy.html.