Our right to integrity is a human right. Just as we have the right to lock our front door to protect ourselves from burglars, we have the right to privacy online. We decide whom we want to welcome into our house. The EU Charter of Fundamental Rights stipulates that everyone in the EU has the right to protect their personal data, the right to access the data collected, and the right to have it rectified. But new technology has eroded this human right, and companies continuously collect data for their own purposes.
The General Data Protection Regulation (GDPR) came into force on May 25th, 2018. GDPR aims to create coherence around the management of personal data within the EU. Because data protection is an essential part of GDPR, it has had a significant impact on the importance of protecting personal data, especially from a cyber security perspective.
Higher security demands and structured security management are necessary to assure proper personal data protection. Each organization must continuously ensure that systems that handle or store personal data are secure. Since most IT environments are a network of computers, servers, etc., interconnected in different ways, organizations must ensure security throughout their entire IT environment.
GDPR requires a combination of technology, processes, procedures, and people working together to guarantee personal data privacy. IT departments need to establish security strategies and use them as a framework to prevent, monitor, and manage any data breaches. This includes developing policies and procedures to train employees to handle data correctly.
Lack of security led to hackers stealing information from about 400,000 customers.
British Airways had to pay €3,2 million in financial fines.
The hospital’s information system was not adequately secured and ignored the principle of minimum access, which gave users full access to all patient data, including sensitive information.
Capio St. Göran had to pay €22,4 million in financial fines.
Lack of security led to hackers stealing data from 339 million customers. Thirty-one million of them were EU residents.
Marriott had to pay €20,4 million in financial fines.