GDPR’s impact since its rollout last year is somewhat hard to measure, but Tripwire decided to conduct several quick surveys on Twitter to measure how consumers and businesses view the privacy regulation’s impact in light of the recent fines levied against British Airways and Marriott.
The overall take from the 400 people surveyed was not very positive.
Even though the fines were a significant amount of money, about $224 million for British Airways and $124 million for Marriott, 22 percent of those who responded believed they would have no impact on how the companies approached security, while 52 percent said the fines would force at least some change. When it came to the size of the fines themselves, only 12 percent thought they were too high, 42 percent said the fines were too low and 43 percent said they were appropriate.
Even more damning was the finding that 71 percent felt their data is no safer with GDPR in place.
https://youtu.be/yBbkpHQe3Ts
Dave Meltzer, CTO at Tripwire, discusses a recent survey conducted on Twitter regarding people's perceptions on the impact of GDPR.
Dave Meltzer, CTO at Tripwire, chatted with SC Media at Black Hat about the survey and said that while some of the perceptions uncovered in the survey do reflect people’s gut reaction to the situation, there is some evidence to prove that corporations are behaving differently under GDPR. He noted significant investment being made by companies in people, technology and processes in order to comply with GDPR.
However, one difficulty on this front has been the lack of clear guidelines or precedents on what level of security is needed to suffer a breach yet not be fined for a GDPR violation. Meltzer said this is because the law is only just over a year old, so there is no backlog of case history for companies to view that will tell them what level of security is needed to have regulators give them a pass if they happen to suffer a breach.
Meltzer pointed out that several companies being fined are appealing the decisions, and only if a fine is lowered or overturned will enterprises have a clearer understanding of what level of security is needed.