GDPR: Distinguishing Fact From FictionEuropean Cybersecurity Expert Sorts Through the Confusion
With just a few months left until the EU's General Data Protection Regulation will be enforced, too many so-called "experts" are spreading fear and falsehoods about the regulation, says Brian Honan, a cybersecurity consultant based in Dublin.
"People are worried about what is going to happen come May 25 next year when GDPR will be enforced," Honan says in an in-depth interview with Information Security Media Group. "Companies are struck by fear, and it's not been helped either that suddenly everywhere you turn there is a GDPR or data protection 'expert' that has been known to say that GDPR in 2017 is similar to what Y2K was in 1999. ... We have 'experts' in data protection that ... a few years ago wouldn't have even touched the topic."
Several facets of the regulation are poorly understood, and weeding out the facts can be difficult, Honan acknowledges.
One misperception, he points out, is that consent is required before an organization can use a European's information. "That's not true. You can use someone's information if you can demonstrate a legitimate business need, or if you have an existing business relationship with that person," he points out.
In this interview (see audio link below photo), Honan discusses:
- Misperceptions about "the right to be forgotten" provision in GDPR;
- How well prepared organizations are for the GDPR compliance; and
- Penalties tied to enforcement of compliance.
Honan is president of Dublin-based cybersecurity firm BH Consulting and the founder of Ireland's first computer emergency response team, IRISS-CERT. He's also a cybersecurity adviser to the EU's law enforcement intelligence agency, Europol.