The effects of General Data Protection Regulation on the IT industry?

We expect that GDPR will bring part of the data back to the EU. Data controllers will give preference to local data center providers in the countries where personal data is collected, as it will decrease the amount of paperwork and reduce the risk of being penalized. And here Jelastic meets the needs of customers, partnering with 25 service providers that have data centers in the EU and well-conceived data collection processes.
On the other hand, the majority of data controllers (i.e. website owners, mobile app developers, SaaS solutions) should improve both the technical and legal aspects of personal data security within their companies to be compliant with GDPR and avoid fines.
In the cloud industry, we will notice increasing demand for migration services and greater attention to the lock-in issue, as many companies will have to shift from untrusted public clouds that are not compliant to domestic data center providers, or even to on-premise private clouds. The demand for hybrid and multi-cloud will also grow.
The most impactful provision in my line of work is the 72-hour breach notification requirement: when a breach of customer data occurs, you have 72 hours to report it. That is really fast. Hackers don't put up a sign telling you when they broke in and what they stole. It can take weeks or months to figure out exactly what they did, and in particular, which customers are affected and in what way. This is why you often see a company make an initial breach disclosure that says X accounts were affected, then later the company changes the number of accounts to Y. It's unclear how the industry and regulators will deal with the uncertainties of a real-life breach investigation.
Small incidents, like sending a customer's info to the wrong email address, happen a lot but are relatively easy to handle. Realistically, a large breach that impacts customer data is a very rare event, one which most companies will never experience. But you still have to prepare for it. This requires establishing expedited investigation procedures, ensuring tools gather all needed information, drafting notification templates and/or having legal counsel on call, and establishing clear criteria for deciding when to perform a notification. You'll also want to practice it a few times.
I think broadly across the industry there is support for the idea of breach notification, especially unified across a large region like the EU rather than piecemeal in every country. Various US states and countries already have disclosure requirements for various types of incident, and unifying them can be beneficial. But there is a lot of concern both about the 72-hour timeline, which is really tight, and how the rules will be enforced. I personally expect that we'll see a large number of precautionary disclosures that are later revised, causing confusion among the public. I also expect the regulators will find some people to demonstrate that their new law has teeth. I expect they'll find no shortage of qualifying incidents that were not properly reported by second-tier companies that do not have the sophisticated incident management capabilities of the tech giants.
