Security Roundup: Google's GDPR Fine, KnowBe4, Cybint, Digital Training
Google became the first major tech company to be penalized under the GDPR.
This month, Google became the first major tech company to be penalized under the European Union’s General Data Protection Regulation (GDPR) with a $56.8 million fine.
GDPR went into effect last May and requires companies to get users’ consent before collecting information about them, and they must provide a way for users to delete that data. In addition, it requires any company to turn over data it has collected on an individual.
France’s data protection regulator said it fined Google for failing to fully disclose to users how their personal information is collected and what happens to it. It also claims Google did not properly obtain users’ consent for the purpose of showing them personalized ads.
To find out more about the significance of this, we spoke with Matt Dumiak, CompliancePoint’s director of privacy services. The company assists firms with privacy regulation compliance.
Channel Futures: Does the Google fine represent a significant milestone for GDPR and data protection?
Matt Dumiak: Absolutely, and there [are] a couple of reasons. It’s the first fine under GDPR and it’s the first real significant fine under GDPR. And I think it got a lot of people’s attention at that point just given how large it was and finally you feel the regulators are starting to get a grip on this regulation and their power under it.
GDPR’s been effective since May, and enforcements and investigations take time, and I didn’t expect that a regulator would have an enforcement at the ready on May 25, but it’s taken a little time for them to receive complaints and do some investigating, so they’re finally coming around.
CF: Was this news surprising?
MD: I’d say middle of the road. Google has some of the best privacy attorneys in the world, they’ve commented that they did consumer testing, they think that their consent is valid under GDPR, so it’s surprising in that regard because Google is prepared and they are a good company. But it’s not surprising because this is exactly the type of organization that these regulations are targeting. They had a lot of consumer data and they make a lot of money on consumer data.
CF: Should this send a message to other businesses?
MD: Yes, I think it does. Everyone at this point is probably going and looking at Google’s consent, and their networking and advertising consent, targeted advertising, and saying is this something we modeled ours after, and if so do we need to think about changing it? Also, now that Google has appealed the fine, we are going to get some great commentary from the regulators as well as Google in regards to … what are they going to find to be clear and conspicuous consent, what’s acceptable and what’s not. That’s under any regulation, but it certainly will be nice under GDPR to actually get some clarification around some of these things. I think the regulators did their best to make it black and white, but frankly sometimes it can be fairly gray.
CF: Is this a call to action for businesses? Last fall, a high percentage of businesses still were struggling with GDPR compliance.
MD: It’s certainly going to get the board’s attention within those organizations and it’s showing that the regulators are now at the ready to level enforcements. So it does speak to them. I think a lot of organizations feel overwhelmed about it and at this point maybe they’ve been feeling overwhelmed because they’ve been trying to handle it internally. And with a fine of that amount, while it doesn’t seem like a lot for Google … it’s a message that will get a lot of people’s attention to say maybe we need to leverage some outside support or outside consultants on this to make sure we get it right.
CF: Are we likely to start seeing more fines of this type?
MD: Yes, it’s really going to snowball from here. The French authority took the first step and really showed other regulators what they could do and how much they could fine organizations for potential issues under GDPR. The French regulators are active and engaged, and there are other EU regulators … that are engaged as well, and there’s a cultural difference there. Some take a more lackadaisical approach toward it. But those that have been engaged but maybe they haven’t leveled any enforcement yet, I think this will give them more confidence to do so and their ability to do so.
CF: Also, we’re not just talking about huge corporations, but businesses of all sizes, right?
MD: Yes, it certainly could. This is obviously in the news, it’s everywhere and that means consumer awareness is more than likely up around it, companies more so as well. So when consumer awareness is up around a regulation, they tend to become more aware of their rights under it and make complaints, and that leads to more enforcements as well, and wakes up some companies that might be smaller than Google.
CF: What can we expect to see in terms of further data privacy regulation and how can businesses prepare for it?
MD: In the United States, we see it a lot here, so at this point we’ve got the California regulation that has been passed and it has similar consumer rights to the GDPR … and we also see privacy regulations even at the municipality and local level, in San Francisco even, so inside of California you have something more restrictive there protecting their residents. Politicians have put forth federal legislation and major organizations’ CEOs like Apple’s Tim Cook are calling for federal regulation. They see the writing on the wall. The privacy wave is here. It started with GDPR, but it really got folks’ attention all over the world.
For an organization that’s gone through a GDPR exercise, they may not have had their U.S. data within scope and will need to do that, but at least they have some experience with preparing for it. If they have not prepared for it, it’s going to be a little bit of a shift in how they think about personal data within their organization and how they protect it.
KnowBe4 Rolls Out Advanced Roll-Up Reporting
KnowBe4, which provides an integrated security awareness training and simulated phishing platform, has introduced Advanced Roll-up Reporting, a new feature the company has made part of its updated Account Management Console.
MSPs, resellers and IT administrators at large enterprises, who have multiple KnowBe4 accounts, can more quickly view account information and reporting metrics in aggregate across accounts.
“The human element of security is one that cannot be ignored,” said Stu Sjouwerman, KnowBe4’s CEO. “With social engineering attacks getting more specific and phishing attempts continuing to succeed, we have to ensure users are trained and tested. One of the best ways to make sure they are is to make it simple to review user performance of the KnowBe4 security awareness training and simulated phishing program. Advanced Roll-up Reporting makes it super easy for admins to see how organizations and users are performing. Now, instead of drilling down into an account for details, they can spend their time doing what really works: testing and training.”
Greg Kras, KnowBe4’s chief success officer, tells us partner input was taken into account in designing the feature.
“It allows partners to look at their accounts’ reports all at once, eliminating the need to go into each individual account and look at reporting,” he said. “It also allows partners to group the reports together however they see fit. It makes it easier to use the platform and it gives partners access to other features not available elsewhere in the market. And there’s no additional fee.”
Regional Hubs For Cyber Education Coming
Cyber-education provider Cybint Solutions plans to launch regional cyber centers of excellence in select U.S. and international markets with a goal of providing communities, networks and associations with the education and resources to solve today’s cyberworkforce shortage and skills gap.
The company will partner with higher education institutions and businesses globally to establish hubs for cyber education, and provide training and education opportunities for professionals and students.
Cyber-center partners are able to offer their clients, members, students or other stakeholders access to Cybint’s portfolio of cybereducation solutions, among other resources. These training solutions include cyber literacy courses that provide a basic, comprehensive grounding in cyber terminology, threats and opportunities, and more advanced and comprehensive hands-on simulator labs providing practical training in a “real world-like” environment for cybersecurity professionals.
Partner organizations also have access to one-on-one consultation, customized cyber skills-building and a cyber-talent platform aimed at helping them match relevant candidates to jobs in cybersecurity and intelligence.
“The battle against cybercrime is one that takes effort, diligence and a commitment to staying ahead of the curve in technology, training and practices,” said Roy Zur, Cybint’s CEO. “That is an effort that spans industries and can only be won with all our collective efforts. We feel very strongly that partnering to establish cyber training hubs serves not only our partners themselves, but anyone who has access to the newly available resources.”
Vodafone Study: Employees Need More Digital Skills
A new Vodafone Institute global study found that employees feel that they don’t have the digital skills they need for jobs in the future.
Some 9,000 people across nine countries were surveyed for one of the first global studies on technology acceptance against the background of digitization.
Key survey findings include:
Globally, 85 percent of respondents said they need digital skills in their job, but 56 percent said their skills need expanding and only 29 percent said their skills are sufficient.
78 percent of respondents in China and 70 percent in Bulgaria see a need to expand their digital skills, compared to 42 percent in the United States, 42 percent in the United Kingdom and 43 percent in Germany.
Just 32 percent of European respondents learned their digital skills at work or during their studies, with 67 percent saying they had to teach themselves.
Eighty-three percent of Indian respondents and 76 percent in China get up to five or more hours of digital training each week, compared to less than 50 percent in Western Europe.
“Digitization is rapidly changing the world of work and the results of this study show that digital skills are now essential for every job,” said Joakim Reiter, Vodafone Institute’s advisory board chairman and Vodafone’s group external affairs director. “However, the expansion of digital skills must keep pace with the ever-changing world of technology, which requires a major shift in the way we teach digital skills in schools, universities and the workplace.”