Tag: European Union

UK issues first-ever GDPR notice in connection to Facebook data scandal

The United Kingdom has issued the first GDPR notice in relation to the Facebook data scandal which saw the data of up to 87 million users harvested and processed without their consent.

The UK’s Information Commissioner’s Office (ICO) has recently imposed the maximum fine of £500,000 under the terms of the Data Protection Act 1998 on Facebook for the social media giant’s role in the scandal. Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, may now receive a fine of up to €20 million, or four percent of annual global turnover, under the EU’s General Data Protection Regulation (GDPR), which came into force on May 25th of this year.

Read more about the first-ever GDPR-related notice on ZDNet.

EU telecoms suffered 169 major security incidents in 2017

ENISA, EU’s agency for network and information security, has released a report on major telecom security incidents that occurred in the EU in 2017. Electronic communication providers in the EU have to report significant security incidents to the national telecom regulatory authorities (NRAs) in 28 EU Member States, Norway and Switzerland.

Every year, the NRAs report summaries about the most significant incidents, based on a set of agreed thresholds. ENISA’s report gives an aggregated overview of these summaries. There have been 169 major telecom security incidents in 2017, with human errors being the root cause category involving most users affected per incident (around 1.2 million user connections on average).

Read more about the findings of the new ENISA report on Help Net Security.

​European Union prepares to wreck internet with new copyright law

The internet is a bastion of free speech. You can say whatever you want about anything on any site that allows comments and post any content you like on sites that allow you to share music, code, words, video, and so on. That may be changing. The European Union (EU) Article 13 was just passed by the EU’s Legal Affairs (JURI) Committee. If it makes it into law, freedom of speech on the net will be gagged.

Under Article 13, instead of letting you be free to say whatever you want or share whatever content you desire, every website has to check your every word, sound, video, programming code, image, or video to see if it’s a copyright violation. In short, everything.

Read more about EU Article 13 which, if it makes it into law, will force all websites to check any and all posts for copyright violations, on ZDNet.

To save thousands on GDPR compliance, some companies are blocking all EU users

With the General Data Protection Regulation (GDPR) set to go into effect on May 25th, 2018, many organizations are scrambling to ensure their compliance with the law, while many are unlikely to have compliance sorted out in time.

In search for a solution to GDPR compliance, one organization is simply advocating excluding any user from an EU country. GDPR Shield is offering website owners a JavaScript-based solution to block users in the European Union, seemingly circumventing the compliance requirements of the GDPR (to say nothing of the “world wide” meaning of “world wide web”). Seemingly, interest in the website has been high enough to knock the service offline, as the website has been returning server errors since at least late Sunday night.

Read more about why some companies are considering blocking EU users altogether to ensure compliance with the EU’s upcoming General Data Protection Regulation (GDPR) on TechRepublic.

Are legacy technologies a threat to EU’s telecom infrastructure?

Telecommunications is a key infrastructure based on how our society works. It constitutes the main instrument that allows democracy and EU core values such as freedom, equality, rule of law and human rights to function properly. There are currently over 5 billion unique mobile subscribers and over 2000 mobile operators worldwide. In Europe, there are 456 million unique mobile subscribers, which is equivalent to 84% of the population.

Mobile networks worldwide are still depending on SS7 and Diameter for controlling communications (routing voice calls and data) as well as on sets of protocols that were designed decades ago without giving adequate effect to modern day security implications. In this respect, the interconnected environment has become perilous. “In this context, ENISA has developed a study, which has examined a critical area of electronic communications: the security of interconnections in electronic communications, also known as signalling security. An EU level assessment of the current situation has been developed, so that we better understand the threat level, measures in place and possible next steps to be taken,” said Udo Helmbrecht, ENISA’s Executive Director.

Read more about the findings of the ENISA study on Help Net Security.

Breach-Proofing Your Data in a GDPR World

The massive data breaches that have hit the headlines in recent years, including Yahoo, Verizon, and particularly Equifax, have taken a toll on breach victims, consumers, and corporations. We’ve seen stocks drop precipitously, class-action lawsuits filed, CEOs shown the door, and executives called before Congress. This year, breaches could be even more costly for companies once the European Union’s General Data Protection Regulation (GDPR) rules are in place come May 25.

The rules require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states, and also regulate the exportation of personal data of those consumers outside the EU. Penalties include fines of more than $27 million, or 4% of revenue, whichever is greater. GDPR will apply to any company that processes the data of EU citizens, regardless of where the company is based. Given the global nature of Internet commerce, its impact will be far reaching.

Organizations are under the gun to get systems in place now to ensure that they are in compliance with the regulations, before it’s too late.

Read which six key measures enterprises should prioritize over the next few months in their efforts to comply with the GDPR rules, on DarkReading.

GDPR: Whose problem is it anyway?

With the GDPR deadline looming on May 25, 2018, every organization in the world that transmits data related to EU citizens is focused on achieving compliance. And for good reason. The ruling carries the most serious financial consequences of any privacy law to date – the greater of 20 million EUR or 4 percent of global revenue, potentially catastrophic penalties for many companies.

Compounding matters, the scope and complexity of GDPR extends beyond cyber security, requiring equal involvement from legal and IT teams. For many security executives, this is causing significant consternation about the organizational borders of GDPR. Specifically, “Who owns It?” and “Who does what?”

Effective GDPR compliance requires well-defined roles and division of responsibilities, as well as strong interdepartmental partnerships. Above all, it’s a team effort, and clear communication is the key.

Read about the three core business areas where integrated efforts are necessary to achieve GDPR compliance, and the distinct challenges of each on Help Net Security.

Building a program for GDPR compliance: Can you answer these key questions?

The clock is ticking and the General Data Protection Regulation (GDPR) will start to be enforced in May. Now is a critical time for organizations to plan, budget and make any remaining changes needed to meet its guidelines.

Failure to comply with GDPR standards will result in hefty non-compliance fines, and even U.S. organizations could be affected. Remember: GDPR guidelines will affect any organization handling personal data of individuals no matter where they are located, meaning even U.S. companies that process the personal data of individuals residing in the EU will have to comply.

GDPR is emerging as a board-level issue for many U.S. organizations and the pressure is on cybersecurity professionals to ensure the necessary steps are being taken to protect the personally identifiable information (PII) of EU residents.

Read about the challenges of GDPR compliance and what organizations can do to overcome these on Help Net Security.

General Data Protection Regulation (GDPR) requirements, deadlines and facts

Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.

Time is running out to meet the deadline, so CSO has compiled what any business needs to know about the GDPR, along with advice for meeting its requirements. Many of the requirements do not relate directly to information security, but the processes and system changes needed to comply could affect existing security systems and protocols.

Read about the GDPR requirements, deadlines and facts on CSO.

2018: The year of the NIS Directive

In 2017 the GDPR buzz reached peak intensity, even in the cybersecurity community. It practically drowned out any mentions of another important upcoming EU law: The Network and Information Security (NIS) Directive.

The NIS Directive is the first piece of EU-wide legislation on cybersecurity and, by May 9, 2018, all EU member countries will have to have it incorporated it into their own national laws.

Read why Marnix Dekker, Network and Information Security Expert at ENISA, thinks that the NIS Directive is a big deal which deserves much more attention than the GDPR, at least from everyone in the cybersecurity community on Help Net Security.