
How Is GDPR Affecting Cyber Security Management?

The General Data Protection Regulation (GDPR), adopted by the European Union in 2016 and enforceable since 25 May 2018, will have long-lasting ramifications for many businesses in the United States. The European rules reach domestic companies for three reasons: the borderless nature of the internet, the large number of multinational corporations, and language in the regulation itself (Article 3) stating that any organization, inside or outside the EU, that offers goods or services to people in the EU or monitors their behavior must comply with the GDPR, regardless of those people's citizenship.

As the HIPAA Journal explains, “the physical location of the institution, organization or business is not as important in determining the need to comply with the GDPR as the physical location of the data subject – the individual whose data is being collected, processed or stored.” Thus, any organization worldwide that conducts business in the EU (or merely collects personal data from people there through its web presence) must comply with the GDPR or face potentially steep consequences.

A Look at the GDPR

In 2012, the European Commission, which proposes legislation for the EU, made the data protection of EU residents a priority. Over the next four years the Commission's proposal was negotiated and then formally adopted as the GDPR in April 2016. The law also codifies the so-called “right to be forgotten” (the right to erasure in Article 17), which lets individuals ask any data controller, search engines such as Google included, to delete personal data “no longer needed for their original processing purpose,” according to the EU’s official webpage on the GDPR.

Nearly every aspect of modern life (retail transactions, social media companies and government records, for instance) revolves around data and the collection and storage of personal information. The GDPR fundamentally alters that power dynamic by giving EU citizens greater control over their personal data. A ZDNet article explains that the GDPR “aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.”

For U.S. companies with EU clients, GDPR compliance requires that personal data be collected lawfully, for a specified purpose and under one of the regulation's lawful bases. Furthermore, businesses are obligated to protect personal data from misuse and exploitation while safeguarding the rights of data subjects (the regulation's term for the individuals the data describes). Failure to comply with any part of the GDPR may result in penalties.

Impact of the GDPR on Cyber Security Management

Cyber security managers across the United States are reviewing their security controls and procedures to ensure compliance with the GDPR. Whereas a data breach in the past might have been handled largely as a public relations problem, under the GDPR the loss of personal data carries legal liability.

“You will have significantly more legal liability if you are responsible for a breach,” said the UK’s Information Commissioner’s Office in the aforementioned ZDNet article. “These obligations for processors are a new requirement under the GDPR.” Thus, revamping cyber security protocols and systems to comply with today’s data privacy laws is more than a trend in the field. It is a necessity for the modern, global organization.

A Bluefin article described how the GDPR changes the way U.S. companies handle transparency and consumer consent. One key aspect is the standard the regulation sets for consent, which Bluefin summarizes as “explicit, informed consent.” Consent is only one of the six lawful bases for processing listed in Article 6, but where a company relies on it, Article 7 governs how it must be obtained and withdrawn.

This has resulted in the increasing use of multiple consent checkboxes and options to reject or manage particular uses of customer data. Under the new standard, companies can no longer bury consent in thousand-word terms and conditions: a request for consent must be clearly distinguishable from other matters and written in clear, plain language; pre-ticked boxes and silence do not count as consent; consent must be obtained separately for each distinct purpose; and withdrawing consent must be as easy as giving it. Additionally, the GDPR restricts how companies share customer data with third parties.

The GDPR leaves little wiggle room for breach reporting. Once an organization becomes aware of a personal data breach, it must notify the supervisory authority without undue delay and, where feasible, within 72 hours (Article 33), unless the breach is unlikely to result in a risk to individuals; a notification made after 72 hours must be accompanied by the reasons for the delay. Because the clock starts at awareness, incident response runbooks should record when a breach was first confirmed. Affected individuals must be notified “without undue delay” when the breach is likely to result in a high risk to their rights and freedoms (Article 34). Businesses that do not comply with the GDPR may be fined up to 20 million euros or 4% of total worldwide annual turnover for the preceding financial year, whichever is higher.

Ensuring compliance with the GDPR is just one regulatory issue creating global demand for qualified cyber security professionals. The world is increasingly interconnected, and combating cyber crime requires comprehensive training. The online Master of Business Administration with a specialization in Cyber Security Management from St. Thomas University prepares students to meet the challenges posed by the GDPR and other evolving regulations.

STU’s online MBA in cyber security management covers network security, cyber security technologies, cryptography, risk management, cyber security management law and more. All courses are taught by STU faculty, and the degree can be completed in as few as 12 months.

Learn more about the STU online MBA with a specialization in Cyber Security Management.
