The Wall Street Journal has reported on a developing trend in the cybersecurity and data privacy landscape: European Union regulators are cracking down on perpetrators of data privacy breaches and violators of the General Data Protection Regulation (GDPR).
In Croatia, regulators “fined an unnamed technology service provider last week because it lacked proper cyber defenses, allowing hackers to access data from 28,085 individuals.” Meanwhile Norway’s regulators fined BRAbank approximately $45,975 for exposing customers’ contact details via an untested online banking portal. In Sweden, half of levied GDPR fines have involved lapses in cybersecurity–and in Belgium, regulators fined another unnamed financial institution $118K for failing to prevent a board member from accessing financial information belonging to his ex-wife.
It’s a signal from EU regulators that cybersecurity and data privacy are inextricable according to the Journal’s reporting, underlined by the fact that “Several data protection regulators in different European countries published guidance in recent months about how companies can investigate and report hacks to authorities, as well as protect data if they are attacked with ransomware.”
In a statement to the Journal, Peter Craddock of Brussels law firm NautaDutilh NV, said that cybersecurity teams should coordinate closely with legal professionals in order to develop a companywide cybersecurity strategy that addresses data privacy concerns as a connected component of cybersecurity.