GDPR is here to stay
What is GDPR?
General Data Protection Regulation, or GDPR, is a European regulatory package for data protection adopted in 2016. It went into effect one year ago, on 25 May 2018, aiming to make Europe fit for the digital age.
GDPR was designed and approved by the European Parliament, the Council of the European Union and the European Commission as a binding regulation aimed at giving European citizens control over their personal data.
To celebrate the first year of GDPR, the European Commission published a GDPR infographic taking a closer look at awareness, compliance and enforcement of the new rules.
What GDPR means for individual citizens
Protection of personal data is a fundamental right throughout the European Union, as stipulated in the EU Charter of Fundamental Rights. GDPR is an essential step to strengthen individuals' fundamental rights in the digital age.
To enforce better personal data protection across Europe, organizations that fail to comply with the GDPR law may face a fine of up to 20,000,000 EUR, or up to 4% of the previous year’s profits.
By making organizations responsible and accountable for the security and privacy of user data, GDPR improves the protection of personal data throughout the European Union.
Another aspect addressed by GDPR is the export of personal data outside the EU area. GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
What GDPR means for security researchers
While GDPR has raised certain challenges in threat intelligence sharing, the biggest impact GDPR has on security research is how the contact information for internet domain owners is displayed and handled by domain registrars.
Whenever a person or a company registers an internet domain name, personal information about the registrant is made available to the public. Such information usually contains the name, address, email address and phone number of whoever is responsible for a specific domain name.
This information, referred to as WHOIS, is a gold mine for security researchers investigating cyber threats. WHOIS can be used to find correlations between different malicious campaigns by looking at the data criminals used to register their domains.
WHOIS is also invaluable for notifying a cyber-attack victim, or reporting malicious activity coming from an abused network.
Limiting public access to WHOIS information reduces the efficiency of investigations by the security research community.
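As an added example that is not part of the original post, the Python below shows the kind of registrant pivot the previous paragraphs describe and how redacted records drop out of it; the WHOIS field names, the redaction markers and all sample records are constructed assumptions, not data from any real registrar.

```python
import re
from collections import defaultdict

# Registrant fields that most often link campaigns; the "Key: value" layout
# and these field names are assumed for the constructed sample records.
PIVOT_FIELDS = ("Registrant Email", "Registrant Phone", "Registrant Name")
# Placeholder text a registrar may publish instead of personal data (assumed).
REDACTED_MARKERS = ("REDACTED FOR PRIVACY", "DATA REDACTED", "NOT DISCLOSED")

def parse_whois(text):
    """Parse the 'Key: value' lines of one WHOIS record into a dict."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?):\s*(.*)$", line)
        if m:
            record[m.group(1).strip()] = m.group(2).strip()
    return record

def is_redacted(value):
    """True for empty values or registrar privacy placeholders."""
    v = value.strip().upper()
    return not v or any(marker in v for marker in REDACTED_MARKERS)

def correlate_domains(record_texts):
    """Return {(field, value): [domains]} for registrant values shared by 2+ domains."""
    links = defaultdict(set)
    for text in record_texts:
        rec = parse_whois(text)
        domain = rec.get("Domain Name", "").lower()
        for field in PIVOT_FIELDS:
            value = rec.get(field, "")
            if domain and not is_redacted(value):
                links[(field, value.lower())].add(domain)
    # A value seen on a single domain is not a correlation, so drop it.
    return {k: sorted(v) for k, v in links.items() if len(v) > 1}

# Constructed sample records: two pre-GDPR style records that share contact
# details, and one post-GDPR record where the registrar redacted them.
SAMPLE_RECORDS = [
    "Domain Name: EXAMPLE-ONE.TEST\nRegistrant Name: J. Doe\n"
    "Registrant Email: contact@example-mail.test\nRegistrant Phone: +1.5555550100",
    "Domain Name: EXAMPLE-TWO.TEST\nRegistrant Name: John Doe\n"
    "Registrant Email: contact@example-mail.test\nRegistrant Phone: +1.5555550100",
    "Domain Name: EXAMPLE-THREE.TEST\nRegistrant Name: REDACTED FOR PRIVACY\n"
    "Registrant Email: REDACTED FOR PRIVACY\nRegistrant Phone: REDACTED FOR PRIVACY",
]

if __name__ == "__main__":
    for (field, value), domains in correlate_domains(SAMPLE_RECORDS).items():
        print(f"{field} = {value!r} links {domains}")
```

The first two records are linked through their shared email and phone even though the registrant names differ, while the redacted third record yields no pivot at all, which is exactly the loss of investigative signal the text describes.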
What GDPR means for the enterprise
With GDPR having been in force for one year now, organizations across Europe have become more focused on increasing the detection speed of cyber-attacks, decreasing the time required for recovery, and limiting the damage from data breaches.
GDPR is a multi-faceted regulation with no single solution that ensures compliance; strengthening your security by increasing network visibility is therefore key to avoiding sanctions and penalties.
At Ixia, a Keysight business, we are proudly working with organizations around the world to increase their visibility into the information crossing their network, to help them protect customer data.