{"id":1535,"date":"2018-05-25T11:01:39","date_gmt":"2018-05-25T15:01:39","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=1535"},"modified":"2018-05-25T11:01:39","modified_gmt":"2018-05-25T15:01:39","slug":"gdpr-enforcement-day","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/gdpr-enforcement-day\/","title":{"rendered":"GDPR Enforcement Day: What You Need to Know About Consent"},"content":{"rendered":"

\"GDPR<\/p>\n

Today\u2019s the day: The European Union (EU) General Data Protection Regulation (GDPR<\/a>) becomes fully implemented. GDPR enforcement begins in earnest. It really is a watershed moment for threat detection, data privacy, and cybersecurity\u2014and enterprises around the globe are scrambling to adapt.<\/span><\/p>\n
Widget not in any sidebars
\n

According to research by <\/span>Capgemini<\/span><\/a>, 85% of enterprises surveyed last week were not ready for GDPR<\/a> enforcement. Simultaneously, Fortune 500 companies have spent nearly $8 billion combined to achieve GDPR compliance.<\/span><\/p>\n

American enterprises need to remember that they are not exempt from GDPR<\/a> enforcement: in fact, quite the reverse. If your enterprise collects any data on EU citizens, you are liable for the heavy fines and litigation that comes with a GDPR compliance violation. <\/span><\/p>\n

There have been a lot of headlines today surrounding GDPR enforcement. But one headline in particular should give enterprises pause: <\/span><\/p>\n

\u201cForced Consent\u201d Will Most Likely Not Fly For GDPR Enforcement <\/b><\/h3>\n

European privacy group None of Your Business (noyb.eu) has already filed a complaint against both Google and Facebook for forcing users to consent to their data usage terms or be outright denied service. While it is as yet unclear whether this will fall under GDPR<\/a> enforcement, noyb.eu argues that both the letter and spirit of the law says that users should have a real choice in how their data is used. The days of a simple checkbox for \u201cagreeing to all terms\u201d are over. \u00a0<\/span><\/p>\n

If the EU does find Facebook and Google guilty of a compliance failure, the combined fine could total around $7 billion. <\/span><\/p>\n

What Should Enterprises Learn? <\/b><\/h3>\n

It\u2019s better to be safe than sorry; give your EU customers a genuine choice in how their data is used. If they deny permission to certain data usage, you shouldn\u2019t block services to those customers. <\/span><\/p>\n

Customers also possess the right to be forgotten\u2014the right to ask that all of the data a company has collected on them is deleted. The EU will (most likely) want companies to allow those customers to have access to their services equally. In other words, the consent protocol has to be implemented properly and in good faith. \u00a0<\/span><\/p>\n

According to Max Schrems, head of noyb.eu, in an interview with <\/span>ZDNet<\/span><\/a>: \u201cyou do have the legal power to use all the data that’s necessary for your service anyway. Limit consent to what’s really interesting, which is the stuff that’s not really necessary for a service — the add-ons the companies want to make money on.\u201d <\/span><\/p>\n

“Consent does work if it’s a really specific question you’re asking, like ‘Do you want to have personalized advertising or not?\u2019 It does not work with a long list of everything you want to do with data.”<\/span><\/p>\n

Other GDPR Enforcement Advice for Enterprises<\/b><\/h3>\n

Your enterprise needs to keep the following in mind: <\/span><\/p>\n