Most people simply don’t care enough to take proactive measures to protect themselves, their identity and their data when online or using their devices, perhaps they think it will not happen to them. Well, the truth is Cyber attacks are real and can be damaging on the long run, hence one needs to curb it completely.
New laws are taking effect across the globe to regulate the collection, use, retention, disclosure and disposal of a person, information. At the same time, the rate of cyber attacks, data breaches and, unauthorized use of personal data is growing exponentially. It is more important than ever particularly for those organizations handling financial data, health information and other personally identifiable information to understand the rights and obligations of individuals and organizations with respect to personal information.
The Emerging data privacy regulatory space
- GDPR
The European Union enforcement of the Global Data Protection Regulatory Space (GDPR) commenced on 25 May 2018, and it came with sweeping changes in the privacy and data security policies for the vast majority of companies operating, not only in the EU, but across the globe. The GDPR applies to all companies processing the personal data of subjects not only residing in the EU, but inclusive Africa. This generally governs how companies manage and share such data.
Furthermore, there are provisions of the GDPR that will be important for all companies to take note of and that includes;
- The requirement for explicit and informed consent for collecting personal and mechanisms to withdraw such consent.
- Breach notifications, the right to access all data that a company has collected and the right to be forgotten through the erasure and cessation of dissemination of data.
So What are the penalties for breaching the GDPR
Penalties for breach of the GDPR are steep up to 4 per cent of annual global turnover or €20M, which is greater. In recent reports, French data privacy regulator, The National Data Protection Commission, slapped Google with a $57 Million fine, the offence has to do with the company’s failure to comply with the GDPR, in other words, you can call it a fine for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.
Cyber crimes and Data Breachment in Africa – What can be done?
Arguably, Nigeria is seen as the giant of Africa and such bold statement should be reflected in the country’s cyber security network, the process of adopting innovations can be lengthy and require full commitment and effort from all security network. In Nigeria and Africa as a whole, the tech industry has grown and more technological innovations are expected to come, as young and smart minds are delving into the tech industry, the future is bright but it can be brighter.
In view of this, companies, startups, corporate business organizations are further encouraged to establish internal policies and procedures to ensure compliance. Business policies may include top-level information security and privacy from the top-level officers of a company, monitoring, breach reporting, risk management program and acceptable use policy.
Technical policies may include encryption of password, authentication protocols, disaster recover intention detection, physical security, patching, etc. Artificial Intelligence(AI) and specifically Machine Language(ML) techniques are now widely employed to enable computers to learn and adapt to new input. Such AI technology can be used in cyber security systems to provide an automated process for the identification of new threats and implementation of technology controls and protection.
Furthermore, Bigger companies should shoulder the responsibility of protecting their smaller counterparts in the tech field, this can be successfully implemented when companies support data privacy as a “human right” where there are rights to protect the legitimacy and ownership to private data. I believe everyone should own the right to his/her private information and exercise the right to make it available to the public or not. Microsoft CEO, Satya Nadella speaks out about data privacy and he voiced his support for data privacy as part of a human right. This focused on three major elements; Privacy, Cybersecurity and Observing the AI ethics. He also cited EU’s General Data Protection Regulation as a model of legislation. Nigeria as a country should urge companies to see common citizens and small businesses as the most vulnerable to cyber threats and task the Big companies to use their power in protecting them.
In conclusion, Recognition of the new and evolving international privacy and security regulations is a requirement, especially in view of the threat of increasing liability and risk with statutory penalties and class action lawsuits. Implementing a compliance program with a set of best practices for privacy and data security will surely help mitigate these risks, but it is a continuing process, especially as technologies in Africa face new hurdles when rolling out new systems and technologies.
Photo source – Unsplash