Salted Hash Ep 20: GDPR: Looming deadlines, massive penalties

This week, Greg Reber, founder and CEO of AsTech Consulting, joins us to talk about some basics that will help organizations get up to speed with GDPR.

The May 25 deadline for the General Data Protection Regulation (GDPR) is quickly approaching.

Organizations large and small are scrambling to align with these new requirements, but the task isn't an easy one. In fact, the idea of moving information control away from the companies that collect it and into the hands of the consumer is a major change for some organizations.

In addition to PII (names, addresses, ID numbers, etc.), GDPR also requires companies to protect web-based data, such as location, IP addresses and cookies, as well as health, biometric, sexual orientation, racial, and ethnic data, political opinions and other generic data.

Now, other regulatory measures threaten fines if data isn't protected, but those fines have been few and far between, and they haven't been all that substantial.

But GDPR "has serious fines," Reber says, amounting to percentages of gross revenue, a serious financial hit to organizations that fail to meet requirements.

Just as an example, if Equifax were subjected to a GDPR fine for its data breach in 2017, the cost would climb to more than $60 million.

In the U.S., most organizations are not ready for GDPR, and the largest factor is budget. They didn't plan for this, and now they're playing catch-up.

In the video, Reber offers a number of tips and thoughts on ramping up to compliance, including knowing your data (where it lives, what it is, etc.) and no longer spending money on legal advice, as it won't help you get compliant.

CSO's Michael Nadeau has written extensively about GDPR, and his explainer on the topic can be found in the data protection section.

Want to get the audio of this episode, and all of the other Salted Hash episodes? We've made the show available as a podcast on SoundCloud, iTunes, Google Play, and Stitcher.


Copyright © 2018 IDG Communications, Inc.
