Action and reaction; GDPR and the cybersecurity threats landscape

The General Data Protection Regulation (GDPR) became active on May 25, 2018. This regulation will be two years running this year - 2020. So far, there are many raised eyebrows regarding the effectiveness of the regulation, such is the case of  one-third of companies in the EU not abiding by it

So what is the future of cybersecurity in terms of threats companies and customers face in relation to their data? You’ll get a better idea of this in the rest of this article, as well as how GDPR provides a solution to those threats. 

The threats to be discussed include: 

  • Misuse of Data by Companies 

  • Lack of Data Transparency 

  • Poor Understanding of Valuable Data 

Misuse of Data by Companies 

A vast majority of people do not fully understand the power of data, especially when in large quantities now commonly described as big data. However, the impact of the Cambridge Analytica scandal on the 2016 elections in the United States of America helped bring things into perspective for the average Joe on the street. 

When companies collate user data, the explanation given to the public is that this data is to help improve servicees and hence increase customer satisfaction. However, behind the scenes, it sometimes happens that user data is being sold to third parties. When this occurs, there is evidently a break in legal agreement between the individual and the company in question. The irony however is that most times, the party breaking this legal agreement is not called to question. 

With GDPR in place, companies have to adhere strictly to the data agreements with the users. One of the benefits that come with GDPR enforcement is that companies must delete user data when requested, making the user’s privacy a matter of great importance as rightly expected. On the violation of the agreements, companies will have to pay huge fines, which serves as a great deterrent. 

Lack of Data Transparency 

Before the GDPR, data happened to fall into a black box as far as the owner of the personal data was concerned. Majority of companies simply collected user data, and did whatever they wanted with it without most users not having any idea of the lifecycle of this data. As a result of this, data breaches occur and companies try to cover them up without letting the public know. In such cases, the users get to suffer for the breaches as third parties have access to personal data and able to carry out malicious acts; leaving the users vulnerable and unaware of this data related vulnerabilities. 

With the GDPR in place, companies are forced to be more transparent about the state of user and personal data. While there is repercussion for the companies when data breaches happen, the users will also always be informed. Hence, they become better equipped to take security measures and prevent further havoc and hence reduce cyber related data breaches. 

Poor Understanding of Valuable Data 

All data is useful. However, in certain contexts, some data types are not essential to day to day operations of organisations. Notwithstanding some organisations still fall prey to the temptation of keeping as much data as possible thereby storing data not immediately of benefit or even of use – of course this data needs to be secured. The knock on effect of which is the high operational and related cost to adequatley fulfil this activity of securing data due to large scope of data to be protected. 

The GDPR ensures that companies get to rethink their process of collecting data. The right questions get asked about what kind of data truly matters. It then becomes easier to protect this data adequately, as well as use it appropriately to the benefit of the users and the company. 


Cybersecurity is taken lightly by many companies. As a result, they mismanage user data and do not make it a priority to keep it safe at all times. With the GDPR in place, companies are obliged to put privacy first at all times and think clearly about data that truly matters to company success. The GDPR enforcement is still in its infancy, as it will be active for two years by May 25, 2020, so it is no surprise that the positive impact it brings is slowly being observed across board.However, it is inevitable that in time, it will help improve the security and privacy of user and personal data. 

You can read all our other guest blogs throughout the campaign week here.

Share this


Guest blog: @LexLeyton on how to best manage employer practices during the #COVID19UK pandemic. Read now on our web…
From international wide-scale distributed computing, to @DeepMind’s pioneering AI powered AlphaFold, learn how…
After a comprehensive #COVID19UK package for full time workers, the Chancellor has extended support to the self-emp…
Thank you to all those working in the NHS for your amazing work and dedication. Tonight we will #Clapforourcarers a…
Guest blog: James Gray, Chief Executive, @Kortext, on supporting UK Higher Education students with free digital tex…
On 2 April, Tim Rawlins, Director at @NCCGroupplc will offer members advice on how organisations ensure they remain…
Guest blog: Jonathan Cordwell (@J_Cordwell) – @globaldataplc – analyses the potential #tech fallout from #COVID19uk
Become a Member

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...