The politicians thought that they were safeguarding us (the citizens they were charged with protecting) when they debated and then voted in the GDPR amendments to the Data Protection Act. As citizens we have the right to believe that those MPs who lack a technical education got advice from a variety of sources before they put their names to the bill.
But let’s face it, the act is not a deterrent to privacy abuse. The really big tech firms side step their responsibilities by retreating to other countries because they are based there:
Ireland’s draft GDPR decision against Facebook branded a joke | TechCrunch
Or change their names.
Facebook’s metamorphosis – will it work? – BBC News
Google unveils surprise restructuring under Alphabet – BBC News
Then there is this story from today.
Location data collection firm admits privacy breach – BBC News
When caught the corporate machine swings into action and various well written statements are made to officials and the public. Changes are made to their policies and procedures and they continue trading. Maybe after the lawyers have had their day, defending and mitigating the theft of citizen’s privacy, the company who did this will pay a fine.
But still people’s privacy has been violated and in this case that information was sold for a profit and then used for more profit. And in a few months we will see another story of another company violating privacy, apologising, explaining how they made the mistake etc etc.
Governments will not care about your privacy as much as you do – which means you have to make the decisions about it and take actions. The same goes for how your company treats privacy across your whole operation. You have to be responsible for your privacy actions.
Maybe you are a board member and are unsure how your operation treats privacy and want to know how that impacts your cyber-security. That is where our diagnostics, based on the international COBIT framework, can help any board get answers to these questions and help you create action plans to address any issues.
Once you have these results in writing it is easier to maintain and monitor your systems and always know the answer to how you treat privacy and what your cyber-security level is.
Clive Catton MSc (Cyber Security) – by-line and other articles