Even though data breaches have been a persistent problem for more than a decade, widespread cybersecurity regulations are still rare. That is changing with the recent rollout of the General Data Protection Regulation in the European Union. For the first time, businesses across the globe have to make cybersecurity a serious financial consideration.
The goal of GDPR is to create a sustainable digital ecosystem for all. That means making cybersecurity simpler for businesses and more reliable for consumers at the same time. European laws addressing privacy, consent, and personal information were largely drafted pre-internet. GDPR is a
GDPR addresses two core goals. The first is ensuring that personal information is collected legally and according to strict procedures. The current conversation about Facebook illustrates how urgent this issue is. The second goal is to ensure that any data collected is protected from misuse and exploitation. Just about any recent data breach would fall into one of these categories.
This set of rules is not unique in establishing policies and best practices. Where GDPR differentiates itself is in its punitive reach. Fines are based on the severity of the breach and the culpability of the company. At the low end, the fine is 10 million euros. In the worst instances, it's calculated at 4% of worldwide turnover, which could mean fines in the billions for major enterprises.
Companies rightly took notice when the parameters of GDPR were announced. Data breaches already have deep financial consequences and come with existing regulatory penalties. Ideally, GDPR will lower the rates of cyber incidents over time. If and when they do happen, however, they will be a lot more expensive than before. With these new regulations, the overall risk of cyber incidents has actually increased.
Why GDPR Matters for All Enterprise
It's easy to conclude that GDPR is just a European concern, but its focus is on digital data, and that has no real geography. The laws are written to reflect that. The rules and penalties outlined in GDPR apply to any business that operates within the EU, or that offers goods and services to customers within the EU. That means almost every major company must comply with GDPR.
The situation is the same for smaller companies. Even if they don't have a European office, it is likely that they ship products to European addresses, work with European suppliers, or consult with European companies. As a result, more of their digital activity is subject to sweeping cybersecurity laws.
Even the companies that are completely exempt from GDPR rules can't breathe a sigh of relief. This may be the first major cybersecurity legislation, but it won't be the last. Data protection and individual privacy are some of the most important issues of today and tomorrow. As consumers demand more oversight and better protections, global governments will step in and introduce their own versions of GDPR. In the near future, every business is likely to be strictly regulated on this issue.
The GDPR rules went into effect May 25, 2018, and companies have been looking for solutions that satisfy the strict standards of GDPR without creating price increases. Luckily, right before the rules went into place, an innovative new safeguard arrived on the scene.
What Blockchain Means for Cybersecurity
There is still a lot of confusion about what blockchain is and how it works. But when you strip away the technical details, the concept can be quite simple.
Blockchain gets talked about a lot in the context of cryptocurrency, but it's a concept with wide-ranging applications outside of finance. It's designed to be transparent and open as well as secure and anonymous, and both sets of principles are crucial for cybersecurity. More specifically, blockchain is a tool that makes GDPR compliance easier and more certain at the same time.
GDPR requires companies to follow strict standards for data collection and protection, and blockchain provides verification that those standards have been met. For instance, if someone asks to delete his personal data, the blockchain would record receipt of the request and the completion of the destruction. Transparency leads to accountability.
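The deletion record described above can be sketched in a few lines. This is an added example, not code from the article or from any product: a single-node hash chain stands in for the blockchain (no consensus or replication), and the event names, the HMAC key and the sample subjects are all constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64

def subject_tag(key: bytes, subject_id: str) -> str:
    # Assumption of this example: only a keyed hash goes on the ledger, never the raw identifier.
    return hmac.new(key, subject_id.encode(), hashlib.sha256).hexdigest()

def block_hash(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(chain: list, event: str, tag: str, ts: str) -> dict:
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"index": len(chain), "event": event, "subject": tag, "ts": ts, "prev": prev}
    block = dict(body, hash=block_hash(body))
    chain.append(block)
    return block

def verify(chain: list) -> bool:
    prev = GENESIS
    for i, block in enumerate(chain):
        body = {k: v for k, v in block.items() if k != "hash"}
        if block["index"] != i or block["prev"] != prev or block_hash(body) != block["hash"]:
            return False
        prev = block["hash"]
    return True

def open_requests(chain: list) -> set:
    # Subject tags with a recorded request but no recorded completion.
    pending = set()
    for block in chain:
        if block["event"] == "erasure_requested":
            pending.add(block["subject"])
        elif block["event"] == "erasure_completed":
            pending.discard(block["subject"])
    return pending

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    chain = []
    alice, bob = (subject_tag(key, s) for s in ("alice@example.com", "bob@example.com"))
    append(chain, "erasure_requested", alice, "2018-06-01T09:00:00Z")
    append(chain, "erasure_requested", bob, "2018-06-01T09:05:00Z")
    append(chain, "erasure_completed", alice, "2018-06-03T14:30:00Z")
    intact, pending = verify(chain), open_requests(chain)
    chain[1]["event"] = "erasure_completed"  # after-the-fact edit to hide bob's open request
    return intact, pending == {bob}, verify(chain)
```

`demo()` returns whether the untouched chain verifies, whether the one unanswered request is reported as pending, and whether the chain still verifies after a stored record is edited.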
GDPR also gives individuals greater control over how they exist online. If they request degrees of anonymity, companies must deliver it.
What Blockchain Means for the Future of Consumer Privacy
As companies adjust to GDPR, the integration of blockchain into existing cybersecurity strategies will become ubiquitous. I predict that the continuing GDPR integration will carry consequences for data protection and consumer privacy in three ways:
Big business leads the way
The largest global interests face the most risk under GDPR, which is why they will likely be the first to adopt blockchain-based security in a meaningful way. These companies also have the resources to invest in cutting-edge technologies, unlike more conservative companies. Those investments will fuel a wave of new blockchain startups and nurture the overall blockchain ecosystem.
Companies with less to invest, or less to lose, will wait to implement blockchain — and likely enjoy better outcomes as a result. Late adopters will be able to choose from established providers, technologies, and practices, which means less uncertainty overall. The risk, however, is that by waiting too long, they flirt with GDPR noncompliance. Smaller companies will need to act cautiously but also confidently.
Cybersecurity becomes a global priority
GDPR effectively takes the cybersecurity goal posts and moves them further down the field. As the conversations about cybersecurity heat up, and more countries consider regulating the technology, GDPR will become the gold standard. Implementing anything less than those standards will be seen as a betrayal of consumer privacy and a shortsighted concession to business. As a result, some form of GDPR is likely to become a global standard in the near future.
Even in places that have a more business-friendly regulatory environment, like the U.S., new rules for data protection are likely. Rather than requiring specific protections to be in place, they might instead require companies to be more transparent about how they collect, use, and secure data. But even if new data rules take a different form, they will still require all companies to take a sweeping new approach to cybersecurity. Blockchain remains the most viable solution.
Blockchain gets more anonymous
The transparency of blockchain is its greatest asset, but privacy and anonymity are essential elements of cybersecurity. At present, blockchain technology is great at creating an immutable record. But it's not as functional when it comes to keeping users anonymous. Ironically, blockchain is also a tool that will help ensure the ironclad anonymity that consumers want and that regulators require.
In order for users to remain anonymous but still benefit from the simplicity and accessibility of the internet, there needs to be a way to confirm and obscure their identities at the same time.