Avatar

Imagine this: A weather app that tracks you without your knowledge or consent!

An Innocuous Weather App?

Weather apps are great. Who doesn’t have one?

Like everyone else, you downloaded a free weather app to your smartphone years ago. At that time it asked you to share your current location, as it promises the best weather information when it knows where you actually are. That makes sense. But what if you prefer to keep your location private? Maybe you just want to store a few cities in the weather app and that’s all? “Too many apps are asking for way too many permissions and too much information,” you thought to yourself. You opted out of location sharing.

Fast forward to today. You just read an alarming story about your free weather app: From day one, it has been secretly collecting your location data without your knowledge or consent. And worse, it’s been sending your data over to a third party company that converted it into marketing opportunities for other organizations. Wow, can you believe that! You’re furious! And this is a true story.

The Long Range Forecast

It’s about time for a better way to address situations like this. The General Data Protection Regulation (GDPR) is a new law designed to increase privacy rights for individuals in the European Union (EU), to create consistency across multiple jurisdictions, and to hold companies accountable. Under GDPR, organizations can’t get away with egregious misuse of personal information or they’ll face big fines. Plus they’ll also have to protect the information with “appropriate security” measures as well.

GDPR isn’t just for companies in the EU. It applies to any organization that uses any information to provide goods or services to the people who live there. At Cisco, we are a global organization and are subject to GDPR compliance ourselves. How about you? Your company probably is too.

The compliance deadline is May 25, 2018. Of course, it’s far too early to predict the weather on that day, but it’s not too soon to prepare your organization for GDPR. Just the opposite. In fact, the law is 260 pages with 99 rules (called “Articles or Law”) that you must follow. They cover not only individuals’ privacy rights, but also include cybersecurity principles necessary to properly protect personal information. It requires notification of a data breach within 72 hours of discovery. That’s not a lot of time.

So here’s where we ask: How ready are you for GDPR?

Your GDPR Readiness Kit

“The time to fix your roof is when the sun is shining,” a famous person once said, and the pre-GDPR sun is shining until May. Cisco has been hard at work shoring up our own organization for the deadline, and we’d like to help you prepare too.

That’s why we’ve scheduled a new webinar called “GDPR: Here’s What You Absolutely Need to Know.” It’ll be an engaging conversation with GDPR experts who will cut through the legislation and offer a practical approach to compliance. Think of it as your GDPR readiness kit.

GDPR is coming, whether (weather) you like it or not, and now is the time to prepare. Register now for our webinar! We’re holding two sessions, one for Europe and one for the Americas, and hope to see you there.



Authors

Steve Caimi

Industry Solutions Specialist

US Public Sector Cybersecurity