In the run-up to the May 25 rollout of the EU’s sweeping GDPR law this year, and in the days and weeks afterwards, users and customers of virtually every online service were deluged with emails detailing updated privacy policies and requests to opt in to receive newsletters and other communications. The impetus behind these email barrages was the European Union’s new General Data Protection Regulation (GDPR). The law empowers EU residents by putting them in control of how their personal data can be obtained, stored, processed, and used by organizations of every kind.
Two aspects of the new law have sent ripples across the world:
First is the fact that the GDPR mandates apply to organizations located anywhere in the world — if they collect personal information from EU residents. With Web and mobile traffic seamlessly transiting international borders, this aspect of the law gives it global reach.
The second, and most hard-hitting, aspect of the GDPR is that it makes proven noncompliance punishable with huge legal penalties. An organization found culpable of breaching one or more Articles of the GDPR can potentially be held liable for penalties of up to 4% of its annual global revenue or €20 million, whichever is higher.
Without question, this stringent EU law has led to one of the most intense and widespread compliance efforts in recent times. Organizations continue to face compliance challenges brought on by the law’s ‘Privacy by default and by design’ mandate for personal data collection and usage policies, processes, and systems. At ShieldSquare, our GDPR compliance program provided valuable findings that underline why only a holistic effort can address compliance challenges. Surprisingly, despite the tightening of compliance necessitated by the GDPR, our Special Report shows that many organizations are still at considerable legal risk of breaching the GDPR. This is because many organizations are unaware of, or have overlooked, certain technical attack vectors that can be exploited by malicious bots and their handlers to illegally obtain personal data.
ShieldSquare Bot Intelligence has analyzed a number of threats that can potentially result in personal data theft, such as Account Takeover, Carding, Content Scraping, and Digital Ad Fraud, to mention just a few. If GDPR compliance is a challenge you’re confronting, read our Special Report ‘Why Bot Mitigation Could Be Crucial For GDPR Compliance’ to learn about vulnerabilities that may potentially put your organization at risk of breaching the GDPR, as well as our key recommendations to ensure compliance.