
What is the General Data Protection Regulation (GDPR)?

The new General Data Protection Regulation (GDPR), EU Regulation 2016/679, comes into force in 2018.

The GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to unify data protection laws and regulations across the EU.

This affects all individuals within the European Union (EU). The regulation was adopted on 27 April 2016 and will be in full force from 25 May 2018.

Businesses not following the regulation can be hit with large fines, up to 20 million Euro or 4% of the worldwide turnover of the business.


Is GDPR good or bad?

The idea behind GDPR is to radically improve the privacy of all EU citizens.

There are still questions about its effectiveness.

Are the privacy and security measures economically reasonable?

Will the administrative expenses be practical?

Who will be paying the extra costs?

Taxpayers or data controllers?

Can we morally define new privacy rights and simply externalize all costs of the legislation to third parties or taxpayers?

GDPR increases expenses for everybody

GDPR is enforced by the EU globally. It can be a higher burden for small, low-budget companies.

It can increase their expenses and force their final prices higher than those of competitors outside the EU.

Is this fair competition between companies inside and outside the EU?

What is positive about GDPR?

New positive rights for EU citizens include:

  • Right of erasure
  • Right to be forgotten
  • Right to access all data held on the person
  • Right to rectification
  • Right to restriction of processing
  • Right to object
  • Right to data portability

Of course, the cost of these positive rights must be borne by some party.

Large GDPR fines if violated

GDPR imposes large fines for infringements:

Up to 4% of annual worldwide turnover or EUR 20 million for breaches of the requirements relating to international transfers or of the basic principles for processing, such as the conditions for consent.

Up to 2% of annual worldwide turnover or EUR 10 million for missing encryption, failing the obligation to notify the customer or the state, or missing a Data Protection Officer.

Will companies leave the EU?

The threat of existential GDPR fines

Companies must still protect EU citizens or pay the fines for ignoring this duty, but for companies outside the EU it can be technically difficult to enforce any penalties at all.

How does the EU really intend to make it impossible for international companies outside the EU to process online data of EU customers without resorting to censorship?

There is a large incentive for international companies to simply leave the EU if their expenses for GDPR compliance are too high and the risk of GDPR fines for non-compliance is real.

Can we expect another wave of Internet censorship of websites from international companies that deliver their products to EU citizens and decide not to follow GDPR rules?

This is already happening with online gambling companies.

How must a breach be notified?

Data controllers must notify data breaches to the DPA, the government's data protection authority. It must be done without undue delay and within 72 hours of becoming aware of the breach.

Can government be trusted?

According to various EU statistics there have been multiple breaches and leaks in the governments of Denmark, Germany, Slovakia and other EU countries.

There may be great concern about trusting the government and its ability to protect citizens' data when it cannot secure its own data.

Another fear institutions might have is the risk of reputational damage, as happened in the recent Uber incident.


How can businesses be affected?

All companies that store data on citizens of the European Union (EU), even with no presence in the EU, are forced to comply.

All organizations are forced to implement processes and procedures around the collection and storage of personally identifiable information (PII).

This means any data related to the private, public or professional life of an EU resident, including IP addresses, bank information, e-mail addresses, social network information and more.

It must be ensured that PII is stored with the permission of an authorized person and only used for a specific purpose.

Non-compliance implies heavy fines of 20 million Euro or 4% of global revenue.


Tips on how to prepare your organisation

  • Educate personnel and raise awareness of the new EU Directive.
  • Closely monitor information.
  • Keep sensitive data at a local location.
  • Have secure verification and identification mechanisms and only allow secure communication.
  • Have data leak prevention policies.
  • Deploy data leak prevention systems.

Common misconceptions about GDPR

Small businesses are exempt. There is no exclusion for any business, regardless of size, under the current GDPR.

When GDPR takes effect on May 25 there will be large-scale data auditing.

There might be a narrow group of companies that are on the target list to be audited first.

What will trigger GDPR action is data breaches, such as in the Uber case.

If your operation is outside the EU you are not affected.

All companies, even those outside the EU, will be affected if they handle EU citizen data.

Personal data is just personal data under GDPR

There is a difference between private data and sensitive data.

  • Private data includes IP addresses, name and street address.
  • Sensitive data includes religion, sex, political views, union membership, level of education and medical records.
  • There are differences in what you can do with each type of data and how it can be stored.
  • Sensitive data, for instance, is not allowed to be used for making business decisions, for example approving a mortgage or bank loan.

Companies that are not in the EU cannot be sued under GDPR

This is wrong. For example, a class action suit can be filed in Italy against a Florida company that has misused personal data.

GDPR only relies on user-provided data

Again, this is not true, since it applies to all data generated or collected about the user.

There is only one kind of user consent

Take the cookie law from before the GDPR as an example: sites that capture cookie data must display a specific disclaimer on the site that the user must accept.

The consent the GDPR requires differs depending on whether the granularity of the data can identify you.

The data privacy thinking behind the GDPR is limited to Europe

GDPR-like regulations are also coming in Japan, Singapore and Australia.

In the US, similar laws can be found in California, New York and Massachusetts.

How can encryption help a company with GDPR compliance?

It is easier today than ever to enable encryption on desktops, servers and smartphones. This can make it difficult for attackers to obtain sensitive data in a breach.

It will help increase your GDPR compliance.

It may help decrease the fines that could be imposed by the government.

In some cases you might have to notify affected users of a breach, and you still have to notify the DPA.

It is strongly recommended to use encryption on everything.
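The point above is that encrypted data at rest is of little use to whoever walks off with a copy of it. The following Go program is an added example written for this article, not SecPoint's code or part of the original post. It assumes a customer record with an e-mail address and an IP address (two of the PII types the article lists), encrypts each personal field with AES-256-GCM under a key that in production would live in a KMS or HSM separate from the database, and binds each ciphertext to its row's customer ID so a field cannot be copied onto another customer's record. Field names, the sample record and the key handling are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// Record holds the kind of personal data the article lists (e-mail address, IP
// address); field names are assumptions. At rest, CustomerID stays searchable
// while Email and IPAddress hold AES-256-GCM output as hex(nonce||ciphertext||tag).
type Record struct {
	CustomerID string
	Email      string
	IPAddress  string
}

// sealField encrypts one field under a fresh random nonce. The customer ID is
// bound in as additional authenticated data, so a ciphertext copied onto
// another customer's row fails authentication instead of decrypting.
func sealField(aead cipher.AEAD, plaintext, customerID string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := aead.Seal(nil, nonce, []byte(plaintext), []byte(customerID))
	return hex.EncodeToString(append(nonce, ct...)), nil
}

// openField reverses sealField; it fails on a wrong key, a tampered
// ciphertext or a customer ID other than the one it was sealed with.
func openField(aead cipher.AEAD, encoded, customerID string) (string, error) {
	raw, err := hex.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	ns := aead.NonceSize()
	if len(raw) < ns+aead.Overhead() {
		return "", fmt.Errorf("field too short to be valid ciphertext")
	}
	pt, err := aead.Open(nil, raw[:ns], raw[ns:], []byte(customerID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// transform applies f (sealField or openField) to the personal fields of a
// record under key, leaving the customer ID in clear.
func transform(key []byte, r Record, f func(cipher.AEAD, string, string) (string, error)) (Record, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return Record{}, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return Record{}, err
	}
	email, err := f(aead, r.Email, r.CustomerID)
	if err != nil {
		return Record{}, err
	}
	ip, err := f(aead, r.IPAddress, r.CustomerID)
	if err != nil {
		return Record{}, err
	}
	return Record{CustomerID: r.CustomerID, Email: email, IPAddress: ip}, nil
}

// EncryptRecord produces the at-rest form; DecryptRecord recovers the clear
// record, which only a holder of the key can do.
func EncryptRecord(key []byte, r Record) (Record, error) { return transform(key, r, sealField) }
func DecryptRecord(key []byte, s Record) (Record, error) { return transform(key, s, openField) }

// ContainsPlaintext reports whether any value is visible in the stored row,
// i.e. what someone holding a copy of the database dump would see.
func ContainsPlaintext(s Record, values ...string) bool {
	row := s.CustomerID + "|" + s.Email + "|" + s.IPAddress
	for _, v := range values {
		if strings.Contains(row, v) {
			return true
		}
	}
	return false
}

func main() {
	// In production the key lives in a KMS or HSM apart from the database; it
	// is generated here for the demonstration. The record is constructed data.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	rec := Record{CustomerID: "cust-1001", Email: "alice@example.com", IPAddress: "203.0.113.7"}
	stored, _ := EncryptRecord(key, rec)
	fmt.Printf("stored row: %+v\nplaintext visible in dump: %v\n", stored, ContainsPlaintext(stored, rec.Email, rec.IPAddress))
	back, err := DecryptRecord(key, stored)
	fmt.Printf("with the key: %+v (err=%v)\n", back, err)
	_, err = DecryptRecord(make([]byte, 32), stored)
	fmt.Println("with a wrong key:", err)
}
```

Run it with `go run` and compare the stored row with the decrypted one: the dump shows only hex, decryption with the right key returns the original values, and decryption with any other key (or with a field moved to another customer's row) fails authentication rather than returning garbage. The separation of the key from the data is what makes the difference in a breach; an attacker who copies the database together with a key stored next to it gains nothing from the encryption.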

Right to data portability

Data portability feature.

Is it all positive, or are there critical aspects?

GDPR is too expensive and complex a piece of legislation for most companies to follow correctly.

GDPR is vague and can be subject to corruption.

New technologies will appear to help companies stay compliant.

GDPR can overrule end-to-end mutual contracts between data subjects and data controllers.

GDPR externalizes all expenses.


