Website Preloader

The ProcessBolt Platform

agsdix-c370-one-solution

ProcessBolt AI

AI-assisted vendor risk management, and real-time threat monitoring platform. 

agsdix-c370-key-insights

ThreatScape

Attack surface management and security rating solution.

agsdix-c370-manual-reviews

DocAI

Document intelligence and analytics.

agsdix-c370-collaboration

Share Center

Secure and timebound document sharing for the enterprise.

agsdix-c370-integration

Assessment & RFP Response Solution

Answer questionnaires using Knowledge Base and documents with AI assistance.

GDPR and the PII Leak

March 12, 2021

According to Pew Research Center’s survey of more than 4,000 US adults, six in ten say they don’t think it’s possible to go through daily life without having their personal data collected by companies or the government. And while the collection process is not the problem, it’s how these companies handle personal data that’s getting them into hot water.

Regulations, like the General Data Protection Regulation (GDPR), were designed to guide companies that conduct business with European citizens on the ways in which they must protect personal data and to give consumers more power over how their information is used and shared. But personal data breaches continue to rise, racking up millions of dollars in fines for businesses every year.

In fact, DLA Piper’s GDPR fines and data breach survey, launched in January 2021, has reported double-digit growth in both the aggregate value of fines issued and in the number of personal data breaches since January 28, 2020.

Grindr – A $11.7 Million Lesson

Earlier this year, the world’s most popular gay dating app, Grindr, found itself facing enormous fines when it illegally shared private user details with advertisers. The Norwegian Data Protection Authority, an independent body that protects an individual’s right to privacy, said that Grindr shared details such as location and sexual orientation, among other data, with at least five advertising companies, violating portions of the GDPR. In February 2021, the Norwegian Data Protection Authority slapped Grindr with an $11.7 million fine.

Where’s the Disconnect?

Some businesses have stated that the rules and guidelines outlined in the GDPR are too vague and/or complex to implement. Others don’t understand the definition of Personal Identifiable Information (PII), which can change as businesses evolve and new data points are gathered. While most businesses think of PII as primarily name, mailing address, phone number, social security number, and email address, recently the definition has grown to include IP address and social media posts and images, among other things.

As the pandemic continues and consumers get accustomed to online purchasing, more and more data is gathered and stored, and more regulations are introduced. The California Consumer Privacy Act (CCPA) of 2018 was recently deemed too weak to protect individuals, resulting in a second regulation for California: the California Privacy Right Act (CPRA). To date, 128 out of 194 countries have legislation in place to protect data and privacy.

Putting Privacy First

Implementing processes at your own organization to abide by these regulations is the first step, but what about your vendors? How do you ensure your vendors are also abiding by these regulations? Simple—find a vendor risk management platform that maps to any regulatory or internal compliance framework, such as ProcessBolt.

At ProcessBolt, our automated platform conforms to the regulations that govern not only your business but also your vendors. Complete this form to receive a personalized walk-through of ProcessBolt and learn how we can enhance your organization’s third-party risk management program.

You May Also Like…

Understanding the Shift From CCPA to CPRA

Understanding the Shift From CCPA to CPRA

The History of CCPA and CPRA The California Consumer Privacy Act (CCPA), enacted in 2018, marked a significant milestone in US data protection legislation. It aimed to enhance privacy rights and...

read more