On May 25, 2018, the General Data Protection Regulation (GDPR) will go into effect. Residing in the U.K., I hear a lot about the upcoming deadline, and the implications it has on European Union (EU) citizens. However, since GDPR is an overarching data protection policy that defends EU citizens in the event of a data breach, I fear that many non-EU companies don't fully grasp the implications the regulation has on them. GDPR affects most global corporations, not just EU-based companies, because it applies according to whose data is involved, the nearly 512M EU citizens, not according to the location of the breach. Companies that do business with the EU, which, let's face it, in today's global society, is nearly every business from hospitality and banking to airlines and technology, can be charged in the event of a breach. And with fines as much as 4 percent of a company's global revenue, GDPR is something that we ALL should be taking seriously.
To demonstrate how a GDPR breach could affect your company, I'll share a few examples from my personal experience. I am a U.K. citizen; therefore, GDPR rules protect my data. I am also an employee of a U.S.-based company, which means I travel throughout the world, taking trips to the U.S., Africa, Japan, Australia and various South East Asian countries every year. Therefore, my personal data is held by many of the airlines I travel on through their frequent flyer programs, many of which are non-EU airlines. Thus, a data breach on any of these airlines would undoubtedly affect me, an EU citizen.
Another example can be seen in social media. I recently was asked by LinkedIn if I would like to give the company permission to "make data available to nearby Bluetooth devices even when you're not using the app." In essence, the application wanted to use my location to help connect me with individuals nearby, most likely to build better business connections. While I declined this request, had I accepted, LinkedIn would have held my personal location data. The company was hacked in 2012 with a breach of 167 million account details and passwords, so a similar breach later this year would be a breach of the GDPR rules.
I recently came across a fascinating website that serves as a search engine for online devices, which, left unsecured, can be a breeding ground for GDPR offences. Shodan markets itself as the world's first search engine for internet-connected devices. At the time of this blog, I conducted a search for printers and found 292 network printers, all of which contained open ports and published IP addresses. I wonder how many of those printers employ a secure print management solution? While these printers are located across the world, with the top locations being the United States, India, Canada, the Russian Federation and Spain, they are an open invitation for unscrupulous individuals to access those companies' networks and pull data or eavesdrop. Again, these printers are likely to include information from EU citizens.
It isn't hard to see how GDPR affects just about every business in every country around the world. If you're interested in locking down your computers, printers and mobile devices with secure authentication solutions, RF IDeas can help.