Another day, another GDPR mail
by VPNHaus | 06/14/2018 | Data Security
And so we return to the discussion about the consequences of mishandling data. It doesn’t matter whether hackers steal and sell the information, a foreign nation state carries out a kind of illegal census or whether a company itself – like Cambridge Analytics – misappropriates data for an unintended purpose. The fact is that everything possible will be done sooner or later, including misuse of data. The most effective way to prevent this is to only store data which is really necessary or, as the second best option, to keep control over data and request deletion. Government representatives can continue to conjure up the image of crumbling factories – data economy is necessary, because as any number of reports each month shows state and private organizations are not willing or able to protect the data entrusted to them.
The GDPR may be cumbersome and go too far for many bloggers and small businesses, but it is a necessary inconvenience. User data is one of the most valuable resources for all market-leading companies. It is not without reason that Data Analytics and Big Data are trending growth topics in companies. Future business models are consistently data-centric, whether insurance policies, e-commerce pricing or shared mobility offers. That doesn't have to be a bad thing, but until now customers could decide for themselves whether or not to accept an offer. Those who have volunteered their data whether intentionally or unintentionally and can no longer control it, may have to take advantage of the offers they receive because they have no alternatives.
But to get back on track: In the past, data protection and information security were often treated separately, although they overlap. With the GDPR, which basically requires process optimization and documentation, there is the opportunity to combine both topics within an information management system (ISMS). Data protection is not the same as information security, but without information security there is no data protection. It's high time to bring both aspects together to benefit both data subjects and data controllers.