International Cyber Expo International Cyber Expo
  • About Us
Thursday, 9 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

One Year Down: GDPR By The Numbers.

by The Gurus
May 28, 2019
in Data Protection, Featured
One Year Down: GDPR By The Numbers.
Share on FacebookShare on Twitter

By Mike Kiser, Global Strategist and Evangelist, SailPoint

Today marks the first anniversary of the EU’s General Data Protection Regulation (GDPR). Europe’s data privacy regulation shook up the privacy world by imposing penalties for some of the strongest consumer protection laws of the last 20 years and inspired even stricter laws in other parts of the world. GDPR created a single breach-notification regulation for the entire EU with the goal of protecting personal data of EU citizens.

So, how are organisations fairing under GDPR? So far, there have been over 64,000 breach notifications, and regulators in 11 European countries have imposed $63 million (or £49 million) in fines. And these are just the first signs of a large wave to follow. With only 29% of EU organisations GDPR compliant, the breaches and fines will continue to happen. This reminds us that our identities comprise not just our attributes, but all personal data that relate to us. Today, we’ll explore three GDPR cases and how the right identity governance strategy can help meet requirements in a sustainable and cost-effective manner.

Taxa 4×35, Denmark, recommended $180,000 fine

One of the primary objectives of the GDPR is privacy: the protection of personal data. That means the spotlight is now focused on how organisations process, store, and secure personal data. A key component of this: getting rid of data that you don’t need. But in Denmark, Datatilsynet recommended fining the taxi company Taxa 4×35 nearly 1.2 million in DK ($180,000) for failing to delete records (customer phone numbers) on 9 million taxi rides after they became unnecessary.

Here’s where identity governance can help. A solid identity governance strategy provides visibility to personal data: what personal data is being stored, who is responsible for it, and who can access it. It also puts in controls and protections in place by removing personal data that has expired. To avoid a GDPR fine, the taxi company needs to put safeguards in place that deletes data following a specified time period, in this case deleting phone numbers after the ride was over not holding onto this customer data for five years.

Hospital, Portugal, $446,700 fine

When it comes to GDPR, organisations must “design in” measures to ensure data protection compliance. After determining that a hospital in Portugal was allowing patients’ medical data to be accessed by non-medical staff, the result of an oversight within their IT department, two fines were imposed for a total of €400,000 ($446,700) because of their “failure to put in place appropriate technical and organizational measures to protect patient data.”

With identity governance, organisations can strengthen controls by providing centralised visibility into the access control models for all resources storing and processing personal data, assigning data owners to all resources containing personal data, and automating review of access rights across all resources containing personal data. The violations the hospital was fined for could have been prevented if they had an identity governance platform in place to help centralise the view of users’ access and thus ensure that the right people had the right access to the right data.

Hotel, EU, investigation ongoing

Under GDPR, organisations are required to report data breaches from 72 hours from the time they became aware of the breach to report it. Enter in a high-profile case of a large hotel chain, which has been ongoing for several years, but it is a good example to show what will happen if you don’t report a breach in a timely manner. A data breach impacting 500 million hotel customers was discovered in September 2018, with some saying the breach has been ongoing since as early as 2014. This incident was not disclosed until late November of 2018, far outside the 72-hour window for disclosure set by GDPR. The penalty? Up to $915 million.

Identity governance is put in place to help notify data owners and managers of any violations or anomalies in the access of sensitive data, and to automate remediation when violations are detected. If the hotel had something in place to detect the breach on the onset, it might have avoided the potentially massive fines that may result from missing the reporting window.

Identity at Play: Security Is a Marathon, Not a Sprint

By looking at the taxi company, the hospital and the hotel, it is clear that the only way to maintain GDPR compliance and data protection is to automate as many identity and access management tools and security audit processes as is reasonably possible. From these cases, it is imperative that automation is a vital component when processes must be repeated regularly and responses need to occur in real time.

With one year under its belt, it doesn’t look like the GDPR is going anywhere anytime soon. By assessing risks with identity governance at the forefront, an organisation can create a roadmap to prioritize and remediate the most pressing regulatory gaps, and thus effectively control and secure the organisation’s data.

Share3Tweet
Previous Post

Cyber Risk Management – Bringing Security Intelligence To The Board.

Next Post

Almost 80 Percent Of Cyber Security Professionals Concerned They Don’t Have The Resources They need.

Recent News

malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026
Check Point’s ThreatCloud AI Blocked 4.6 Billion Attacks in 2025, Latest ESG Report Reveals

Check Point’s ThreatCloud AI Blocked 4.6 Billion Attacks in 2025, Latest ESG Report Reveals

July 8, 2026
Kirsty Fowler, WorkNest Secure

Next Gen Spotlights: Building a More Resilient Future – Q&A with WorkNest Secure

July 8, 2026
Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

July 7, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol