Somebody, somewhere has their eyes on your data. But some of this data is not yours - it belongs to your customers. Rightly so, they expect you to protect it. You have a duty of care to safeguard and nurture their data. Fail in your duty to care for this data and it becomes vulnerable to hackers.
The Oxford Dictionary defines ransom as “a sum of money demanded or paid for the release of a captive.” This captive could be your data. Whilst this is not a position you would wish to be in, you would be able to redeem your data through payment of a ransom. But this is not the only thing that you need to consider. The damage may already have been done to your customer response times, computer networks and balance sheets. Could you redeem your reputation as a business as quickly as a Bitcoin transaction?
“Ransomware causes the NHS to come to a standstill as the attack results in 7000 NHS appointments being cancelled.”
Now imagine your organisation’s name in the title. And it’s not just organisations; the city of Atlanta was brought to a standstill in March due to a similar attack.
Wikipedia defines GDPR as “The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC).”
GDPR becomes enforceable from 25th May 2018.
Many organisations have traditionally retained data for long periods in backup form as a cheap alternative to using content-based archives. Under the new GDPR, fines may be levied if Personally Identifiable Information (PII) cannot be tracked and controlled effectively.
GDPR affects Data Protection in many ways: