Corporate Compliance Insights

No One Likes a Super Spreader … of Personal Data

Lessons from COVID-19 to Improve GDPR Compliance

by Sandra Erez
November 3, 2020
in Data Privacy, Featured

Inaction can be devastating. This is as true in an individual’s response to COVID as it is in an organization’s strategy for GDPR compliance. Sandra Erez draws parallels between epidemiological crises and data breaches – both of which can have dire consequences.

Double Trouble

Fear is a great motivating factor for people to start complying with previously ignored rules and regulations – whether that applies to COVID-19 or GDPR. Take for instance the increasing number of non-mask believers suddenly donning masks following spiking numbers of COVID-19 deaths in their area. Like most of us not believing authorities’ dire predictions until they hit home, people still tend to be reactive rather than proactive – and even more so when an ongoing situation is rife with uncertainty.

The story of GDPR preparedness seems to follow a similar path. Although introduced in May 2018, with no dearth of heavy fines hitting businesses, there are still an overwhelming number of EU, U.S. and U.K. businesses that are not fully GDPR compliant – and some that haven’t yet begun their GDPR initiatives.

Like COVID-19, GDPR doesn’t seem to be going away anytime soon, although some businesses would probably like it to. So why, after more than two years, are so many organizations unable to rise to the challenge?

GDPR is a Hard Act to Follow, and it is Contagious

Since it came into force in 2018, GDPR has caught on around the world like a highly contagious virus. And as more data privacy regulations pop up (e.g., California Consumer Privacy Act (CCPA), Brazilian General Data Protection Law (LGPD), India Personal Data Protection Bill, Chile Privacy Bill Initiative, New Zealand Privacy Bill, etc.), germinate and spread across the world, organizations are increasingly becoming unsure of how to proceed. The complexity of an ever-expanding global regulatory framework has become too overwhelming for businesses that don’t have proper tools and strategies in place. It is obvious that the difficulty in understanding the legislation and knowing when and how to report and deal with incidents has been a deterrent for organizations wanting to meet the GDPR compliance challenges, and it is severely undermining their confidence in their ability to do so.

Meanwhile though, no one is cutting those unprepared companies any slack; in the first 10 months of 2020 alone, the EU authorities stepped up action against noncompliant businesses by giving out 220 GDPR-related fines. In fact, from June 2019 to June 2020, 260 percent more fines were handed out per month compared to the same period the year before – a clear indication of a continuous upward trend.

Fear of Flying During COVID-19

Beware: In case you thought COVID-19 might be a nice excuse to give to the local data protection authorities (wherever you are) when they rudely knock at your front door, don’t count on it. Although British Airways is already incurring huge losses from COVID-19 travel fallout, they were just slapped with a fine of £20 million for a 2018 data breach that had exposed the data of over 400,000 customers. Undetected for two months and caught only by a third party, the breach, which exposed personal data like employee login credentials and credit card information, caused tremendous harm to BA’s reputation.

So, watch out: Although a recent ICO decision reduced the original fine down from £184 million to £20 million (owing to BA’s COVID-19 business losses, combined with improved security solutions now in place), no one can get complacent. This breach was considered a severe failing because of the number of people involved, without taking into account the potential class-action lawsuits that might follow.

Unmasking Data Privacy Legislation: Come Out, Come Out Wherever You Are

For many nations, the EU’s GDPR is a lantern of light in a data-dense, dark-web world. Chances are that no matter where you do business right now on this earth, data privacy is on its way to becoming recognized as a fundamental human right not to be violated.

American citizens, not to be surpassed by their European big brethren, are also clamoring for increased legislation to be added to the existing federal and state data privacy laws. Despite the havoc wreaked by COVID-19, which put the brakes on passing data privacy bills this year, people are tired of big corporation data abuse. More than 30 states have put forth bills for consideration in 2020 alone.

Other U.S. lawmakers, impatient with the current, ineffective consent model, are calling for stricter measures on a federal level. Senator Kirsten Gillibrand (D-NY) proposed the formation of a federal data protection agency paralleling the EU’s GDPR body, while Senator Sherrod Brown (D-OH) proposed a Data Accountability and Transparency Act of 2020 (DATA 2020), which would create a new independent agency that can hold corporations responsible for violations.

In that not-so-futuristic scenario, an organization’s data collection algorithms would need to be submitted to the data agency in exchange for an approved corporate compliance certificate. Authorities enforcing those laws will have the technological means to see through the previously opaque screen of company data collection and usage and punish those errant organizations with civil penalties.

Waiting in the White House Wings

If these bills pass their clinical trials on the polished floors of Congress, the winds of change will not only ruffle the corporate masks, they will blow them off shamed corporate faces, leaving them unprotected from the virulent wrath of the law and consumers.

And unfortunately for the data abusers, there is no vaccine waiting in the White House wings to cure those ills. Even drinking bleach won’t work.

What Goes Around Comes Around

Gradually – and perhaps grudgingly – we must internalize that any of us could be the next target of a data breach investigation. It’s time to weigh the risks and make the investment in having the right paraphernalia for meeting the data privacy challenge and doing the right thing for everyone involved. Slapping on the mask after those invisible particles – be it data or viral – circulate around the globe is not going to stop you from becoming known as a careless super spreader of someone else’s personal data. You have been warned.


Sandra Erez is Director of Global Compliance at VinciWorks, a leading provider of risk-based compliance training and software solutions. Recognizing that organizations need to go beyond ‘tick the box’ compliance in a global and highly dynamic regulatory environment, VinciWorks is on a mission to reinvent the impact that best practice compliance solutions will make in solving real compliance issues in real time.
