Security Process Mapping and GDPR

Posted by Arup Das on February 28, 2018

2017 was a year of many destructive cyber-security attacks, and those attacks alone give us insight into what to expect in 2018. According to research by Harvard Business Review, a cyber-attack affects not only the targeted firm but also related firms. In some instances related firms are harmed; in others, they may even benefit.

“What is more, we found that a good corporate privacy policy can shield firms from the financial harm posed by a data breach – by offering customers transparency and control over their personal information – while a flawed policy can exacerbate the problems caused by a breach.” Transparency is the practice of telling customers what information is being collected from them and how that information is being used. Control is the ability of customers to decide what information to give out. By implementing transparency and control practices, firms will be able to mitigate the effects of security breaches. GDPR is legislation that will address these two issues.

What is GDPR?

The General Data Protection Regulation (GDPR) is European Union legislation designed to strengthen and unify data protection as well as give greater protection and rights to individuals. The GDPR introduces two new concepts: a provision for data portability (a person should be able to transfer their personal data from one electronic processing system into another without being prevented from doing so by the data controller) and the right to be forgotten (the right to erase their data). Ownership of personal data shifts from the company to the customer. As control over personal data shifts to the customer, transparency will also increase.

Studies by Harvard Business Review have shown that customers view firms that offer transparency and control differently from firms that do not. They are less inclined to punish breached firms, remaining loyal even after the breach. “Customers of firms that offer high transparency and control reported feeling less violated from big data practices, attested to be more trusting, provided more-accurate data to the firm, and more likely to generate positive word of mouth.”