IMPORTANCE OF “The General Data Protection Regulation” in Cyber Security World

A milestone in personal data protection
by Yagiz Atmaça, CTO and Co-Founder, Zemana

How much do we share on the internet?

Technology keeps on changing with every new day. The way we communicate and how we handle everyday tasks have dramatically changed.

It is almost impossible for us to imagine a day without the Internet. We use it for almost anything we need: sending emails, sharing documents, paying bills, purchasing goods… When we do this, we enter our personal details online without giving a second thought.

Our credit cards information, contacts, addresses, social media posts, and even our IP addresses are all stored digitally.

So, what happens to all that data? What if our personal details go to the wrong hands?

Hackers never sleep

We all need to be aware that our virtual world is full of cybercriminals who are jumping at every chance to take down companies’ websites, steal costumer’s personal data, and even more.

The fact is that hackers never sleep. Their motivation can vary but the result of their attacks is always the same – causing damage to companies and individuals. This damage can have an important impact on the finances and the overall reputation of the company.

As you probably know, the most popular attack methods that are used by cybercriminals are malware, DDoS attacks, email fraud, Domain Infringement, and Hijacking.

Even though hackers are constantly looking for new and improved methods, there is a way to stop them in their attempts at stealing personal information. In my opinion, the EU has found an effective way of preventing cybercriminals from obtaining confidential data. They called it “The General Data Protection Regulation” (GDPR).

What is GDPR?

We have already heard talks about GDPR. It is a European privacy regulation that is going to be implemented on May 25, 2018, across the entire EU and EEA region. In my opinion, the most positive aspect of implementing GDPR is providing citizens with better control over their personal data and giving them certainty that their information is being protected.

They will have an insight into how their data is used, and they will know who has access to their data. Every gathering of data by companies will be possible only if an individual has been informed about it. If a company (and clients’ data) becomes threatened by an external influence, one has the right to be notified within 72 hours.

Will it be difficult for companies to adjust to these requirements?

I believe that for many companies it will be difficult. However, they will have to adjust because the EU has set up very tough penalties for all those companies that do not comply – a fine of 20 million euros.

Going a step further

Years ago, when I was a student, I was carefully studying viruses. I was deeply researching and testing the behavior of various malware samples when I realized that, instead of just updating a virus database with known virus variants, the most effective way in fighting malware is developing security solutions based on behavioral characteristics.

What I am trying to say is that all suspicious processes/activities should be blocked automatically. On the other hand, virus databases were only capable of detecting known viruses, but they were unable to detect and fight against new zero-day malware.

Such newly created malware presented an enormous threat to personal data. Therefore, today most of the software solutions incorporate behavioral characteristics together with keystroke encryption into their technology.

I see that GDPR even goes a step further and promotes the encryption of pseudonymizing data. These solutions provide prevention and protection in two directions: making the data unreadable to the unauthorized use or masking the data to remove its ability to identify an individual. To do this, companies should constantly invest in their technology to improve their security against cyber-attacks, rapidly detect and respond to malicious threats, and

Final thoughts

The GDPR will give people more power over their personal data. On the other hand, it will decrease the power of some organizations who collect and use such data for monetary gain. Even though GDPR does create challenges and efforts for companies, it also creates opportunities. In my opinion, it is important for companies to understand that if you show to people that you can protect their personal data, they will trust you more and there are better chances that they are going to want to work with you. Companies who show that they are protecting individuals’ privacy, who are transparent about how their data is used, who invest in new and improved ways of handling customer data will for sure, build trust and acquire new customers and clients.

About the Author
Yagiz Atmaca, Zemana
Yagiz Atmaca is CTO and Co-founder of Zemana, mainly working on long-term product development strategies while guiding and pursuing the company’s overall strategies and vision. Yagiz can be reached online at [email protected]
and at our company website https://www.zemana.com/