Anyone who does not know that GDPR is on its way and that it will have a huge impact across the UK and Europe, is either living on the moon or in a coma! With all the fuss in the national press, government information releases to corporates and the IT industry making a play for a high value market that makes the 1999 millennium bug industry look like… er, a bug.
Whilst we all know that GDPR is a requirement for all businesses; it is being deployed not only to benefit businesses but for the benefit of individuals - well Joe Public really! There is now the right for individuals to have their personal data removed and forgotten. This is a big win for rights organisations and the tendency towards the individual’s rights regarding privacy. It is a success for the little guy over the money hungry corporate who forever wants to sell us more stuff by analysing our spending habits and behaviour.
This might all sound a bit “right on” and activist but there is a point of this blog.
Hacktivism has very much become the real thing. The actions of hacking businesses to disrupt and bleed corporates with whom the hacktivists have a “moral” issue with the organisation, is illegal of course. My question is; ‘will GDPR requests for data deletion and anonymity be used as a legal method to disrupt organisations?’ I am not discussing the occasional request but a coordinated “DDoS” of requests which legally organisations are unable to dismiss.
Just think of the consequences of organisations being non-compliant? There are fines of 4% of annual turnover or 20,000,000 euros (whichever is greater). Will there be a battle to destroy companies that hacktivists view as reasonable targets by using the legal means of GDPR legislation? I can honestly see them try. How will the ICO delineate between complaints of failing to comply with regulation, which are genuine and those manufactured to stimulate a complaint?
With so many organisations being reported as unprepared for GDPR and the ICO and other European bodies keen to prove the system works and show some heads on spikes as examples; my worry is that there will be a bit of a gold rush of litigation in the first few months after the May 2018 compliance deadline is issued. Of course the other side of this is that hacktivists may continue their behaviour, (quite likely yes?), and publicly use breaches to financially punish their corporate victims, a kind of double whammy, one that really hurts!
The problem for many companies is that the prospect for preparing for GDPR seems complicated and daunting. The truth is that for some companies it will be.
Node4 can help to assist you with establishing where security breaches are likely to come from and help secure data as part of the GDPR process in reducing the risks.
For further information on Node4 key recommendations and solution, please email firstname.lastname@example.org or call 0845 1232222 to contact one of our Compliance experts.