Severe Data Breach Punishment And Extended Liability And Consent Key Issues
The EU General Data Protection Regulation (GDPR) will become law on 25 May 2018 and is the most significant change to privacy law in a generation.
The GDPR preserves and builds on the principles of the current EU legislation, which was designed for a pre-digital age. It seeks to achieve greater legal consistency across the European Union (EU) and the wider European Economic Area (EEA), and at the same time introduces new aggressive and intrusive rules, such as heavy fines, civil sanctions, regulatory action and even criminal penalties for those in breach of the new legislation.
The Strategy Analytics Mobile Workforce Strategies (MWS) service report, “Understanding the Impact of General Data Protection Regulation (GDPR) on Enterprise Mobility and the IoT,” predicts that many companies will not be ready for the significant changes necessitated by GDPR and the way they handle customer data.
“Adjustment to the new GDPR legislation will require radical changes in approach for most businesses that touch customer data in the EU and EEA. Companies that are unprepared will be exposed to an unprecedented regulatory risk,” commented Andrew Brown, Executive Director of Strategy Analytics’ Enterprise and IoT Practice and author of the report. “The IoT will be posed a unique set of challenges by the introduction of GDPR, especially around automated data collection and consent,” he added.
“With severe sanctions in play from the outset of GDPR’s introduction, we believe there will be an impact on how companies approach their mobile strategy, in particular, their willingness to continue supporting a BYOD (Bring Your Own Device) or COPE (Corporate Owned, Personally Enabled) strategy. The net impact on cybersecurity spending, including Enterprise Mobility Management (EMM), will be positive, as will the growth in corporate liable devices,” said Gina Luk, Principal Analyst, Enterprise and IoT Practice.