PCI QSA Ismael Alfaro shares the top 10 priorities for PCI 3.2 in our short video. Highlights include key considerations for planning and achieving compliance over the next six months. While some changes in 3.2 are minor, others, including the multi-factor authentication requirements, take significant planning and implementation time.
By: Paul Kendall, CGEIT, CISSP, GDPR | Advisory Services Principal Consultant
At midnight, the following lawsuits were filed:
- Facebook – Filed in Austria
- Instagram – Filed in Belgium
- WhatsApp – Filed in Germany
- Google’s Android – Filed in France
Potential fines for those companies: $9.13 billion USD. Not to mention the fact that under GDPR, individuals can seek judicial redress either individually or in class action suits.
GDPR prohibits bundling – the practice of requiring consent to data use as a condition of using a service. Under GDPR, access to services can no longer depend upon whether the user gives consent to use their data. Since this is a huge issue for these litigants, expect an ugly battle. But given the EU’s present animosity towards Facebook, I don’t really expect them to win. After all, Facebook (three of the four companies listed above) claims its processing model is all about social networking, which doesn’t require that it collect and analyze user data to sell for profit.
Additionally, several US newspapers shut down their newsfeeds to the EU at midnight. Most blamed GDPR indirectly; the real reason is probably that they wouldn’t bother to spend the money necessary to become compliant.
These may be the tip of the iceberg. GDPR may well become a major networking disruptor between the EU and the rest of the world.
To learn more about GDPR compliance, watch our webinar on the 7 critical steps to compliance.