Security in a Post-GDPR World

With so much focus on organizational compliance and privacy adoption, it’s easy to overlook the important role that individuals can play as their own privacy and security advocates. Educated consumers understand their rights as data subjects and can play a critical role in advancing GDPR-compliant security practices. Now that we’ve seen the May 25 deadline for the EU’s General Data Protection Regulation (GDPR) come and go, all personal data will be secure, and consumers will no longer need to worry about leaks, exposure, and breaches of their information. Right?

Maybe things aren’t quite that utopian. Still, GDPR has surely bolstered consumers’ security expectations and encouraged many organizations to revisit their security posture, especially those not otherwise bound by sectoral privacy regulations such as PCI-DSS and HIPAA. It’s likely that the security improvements in response to GDPR will continue to accumulate over time, even if there are few visible changes in the short term. So, is the world now a more secure place, and what else needs to be done to assure the public about the use of their personal data?

Here, we will review the short-term outcomes of GDPR, consider potential effects in the future and present immediate actions that individuals can take to secure their data and reduce the volume of their personal information held by companies. We also recommend short- and long-term strategies for organizations that want to publicly assure consumers of their commitment to data protection, considering the current availability of third-party attestation and certification programs, and provide advice for vetting privacy professionals and audit firms.


About the Author

Amber Welch

Amber Welch is a Privacy Technical Lead for Schellman & Company, LLC. With more than 6 years of experience as a technical writer and privacy and security governance consultant, she is dedicated to GDPR and other privacy-focused engagements. Amber has served as a panelist during Black Hat and published several articles on recent privacy developments. She holds a master’s degree from the University of Nebraska, as well as the CIPP/E and CCSK designations from the International Association of Privacy Professionals and the Cloud Security Alliance.
