The EU General Data Protection Regulation was adopted in April 2016 and will, after two years of transition, be applied starting May 2018. As we head fast into 2017, it would be easy to think that there is still over a year left before your company must be compliant, but how much have you done to get ready in the last eight months? In all reality, probably not as much as you would like.
First, an explanation of the concepts in the title of this piece. Data Sovereignty is the concept that digital data and information are subject to the laws of the country in which they are located and/or created. Safe Harbor is an agreement between the USA and EU that regulated and controlled the import, export and processing of personal data and information. And the most recent, the EU General Data Protection Regulation (GDPR), is the regulation of the “processing”, ownership, rights and storage of personal data and information within the 28 EU member states.
Healthcare data is the most valuable data a thief can get their hands on. Last year Ponemon conducted a study of 40 companies across 12 industries, which found that negligence or human error is the primary root cause of data breaches.
In August 2014, the digital security company Websense released a report stating that more than one-third of Canadian IT professionals knew for certain that their company’s data had been the victim of a serious breach.