The Dutch Wet bescherming persoonsgegevens (Wbp) is also referred to as the Dutch Data Protection Act. It has been in effect since September 1st, 2001, and it impacts European guidelines on personal data privacy. A new legal obligation component of this act is going into effect very soon, and if your company or organization acquires and maintains security of personal information it will greatly affect your process and resources as we move into the future. The new update will also impose stringent costly penalties for non-compliance. Regarding the impact on the consumer – and data storage in general - it is a positive direction.
Cyber threat is on the increase
Privacy threat is increasing exponentially as a result of more and more corporations acquiring personal information from individuals. Personal data is used by so many enterprises in so many different ways, from online banking and loans, stock and bond purchases, ecommerce, in-store purchases, to customer profiling, ad targeting, consumer habit tracking. Recent highly publicized data breaches have occurred within major retailers and banking institutions, and as more data is acquired there will certainly be new possibilities and attempts to exploit the security of how this personal date is protected.
The threat to individual privacy is on the rise. Additionally, it is anticipated that threats to government secrets and intellectual properties will increase and become more diverse both in where they originate from and what information is targeted. Since many companies in the private sector are getting more and more governmental interactions and contracts, this type of high level confidential data can also be compromised through cyber theft of non-governmental sources. New legislation increases the accountability for those who collect and maintain data. Let’s explore the details.
The college bescherming persoonsgegevens (Cbp) and data breach notifications
The new law regarding cyber security will start in the Netherlands and then go to all European nations. Even though the law’s reach will be within the jurisdiction of Europe, many American companies will be effected because of their ties and business dealings within the area of the law’s jurisdiction. For enterprise today, it is one very small big world – with an abundance of interconnections worldwide.
The main obligation stipulated in the new legal changes revolves around notification of data breaches. Within a very short period of 24 hours, organizations are expected to notify the regulators of any breach to their data.
In addition to the regulator notifications, everyone affected by the compromise of their data privacy must also be contacted. A full disclosure of the scale of the data breach, the documented consequences, and the measures taken for correction are all details that need to be given to everyone who impacted by any invasion of their personal and private data.
Upcoming data privacy regulations in Europe
The upcoming General Data Protection Regulations (GDPR) will impact internal personnel decisions and security procedures for all companies who host and protect data. It makes it mandatory to maintain this private data in a way that demonstrates extreme diligence in all elements of the incorporated systems and procedures.
If an amount of over 5,000 private individual’s data is collected, an expert and professional Data Protection Officer (DPO) needs to be appointed, with the responsibility of the overview and management of data control within the organization. This applies to both the public and private sector. If the elements of this law are not incorporated properly, there could be the levy of fines and penalties of up to 100 million Euros or 5% of the company’s gross income – whichever is highest!
With this degree of governance and financial consequences, non-compliance is not an option. While individual countries were already adopting more stringent cyber security standards, the GDPR will solidify increased protection and conformity throughout all European nations.
Cyber crime theft of personal, corporate or governmental Information
This is all a good thing. While 100% protection of private and personal data is virtually impossible, these modifications to existing current regulations are a major step in a proactive new direction. Data can be compromised for a number of reasons and different goals by the individuals or contingents attempting to exploit weaknesses in data storage systems. Personal data can be sold underground for a fluctuating per piece going rate.
While individual credit care info and banking data is currently sold in the one to ten dollar range, the enormity of the amount of personal information in any large data system adds up to quite a large payday. Social media credentials command much higher amounts on the black market, and can reach $100 per account. Cyber Crime can also be targeted from one company to another, or from governments to companies, companies to governments, and individual or organized teams of hacker towards almost any organization that maintains and stores sensitive or secret information.
The impact of terrorism on cyber security
Top government secrets, military and weapon details, infrastructure controls, communications, contingency plans, research and blueprints are all items of interest to a variety of terrorist groups. This information is digitally stored and thus subject to breaches. It is very possible that future terrorist attacks will focus more and more on using this data to compromise entire cities and established entities.
It is becoming an ongoing cat and mouse game with very high stakes.
Cyber terror will increase as certain terror organizations become more sophisticated in technology, and have access to the funds needed to exploit the cyber security measures incorporated by the best professional minds responsible for protecting valuable data of interest. Changing world events should be monitored and assessments made based on acquired intelligence.
The future of data protection
Currently the private sector is somewhat ahead of the public sector in the hiring of cyber security experts because they have the means to pay more for it. However, there is the additional consideration in the private sector that many top corporate executives are averaging 60 years of age, and they may not quite understand the entire scope of the data overview landscape as much as the next upcoming generation. As we all move into the future, it is acknowledged that this new legislation being adapted is a precursor to a much enhanced and coordinated effort to protect everyone’s data.
On the consumer level, when a major bank loses the confidence and trust of their customers – that can be devastating. We live in an age where more and more individuals are divulging personal data about themselves to many entities each day. It is being done often without even giving it a second thought. Companies can use this data in ways that can be beneficial to their customers, but their responsibility in cyber security will be crucial for their brand success in the digital age.
In the public sector, governments, the military, and infrastructures all need the utmost of security.
Even small breaches can be devastating, and major data compromises can even be the initial stage of forthcoming military strikes by aggressive nations or terrorist organizations. Protection diligence starts with a comprehensive assessment of risk – from a legal perspective and from and IT security view.
From Brand Protection & Intellectual Property to Security Management & Consulting, companies and organizations have to function at the breaking edge on the wave of the future. There will now be minimal choices – because the new law’s affect will be widespread, and the legislation compels all to be ready to comply upon its implementation.