By legislating meaningful rights for the individual, and corresponding obligations for the organisations that manage the information, the power over the information is transferred to the individual. To ensure compliance, severe penalty payments are imposed.
GDPR (General Data Protection Regulation) brings revolutionary changes to IT systems. It also involves major efforts to adapt all systems and procedures to the new requirements. This opens up great opportunities for those who deliver services and products in the field of information security. It is no exaggeration to compare the scope of work with the Y2K adaptation.
Unlinkability, transparency and influence
The traditional information security objectives (confidentiality, integrity and availability) are now complemented by three new objectives: unlinkability, transparency and influence. These goals form contradictory pairs; one cannot, for example, have maximum availability and maximum confidentiality at the same time.
Therefore, it becomes necessary to understand the implications of different technical design decisions, so that the solutions being built are balanced between the different objectives. The focus is about to shift from the traditional objectives toward the new ones.
Privacy by design
It will be cheaper for those who design for privacy from the outset (privacy by design). Whoever designs without understanding these impacts will need to make corrections in hindsight, something that will always be more expensive than doing it right from the start. Therefore, expertise in the field of information security is crucial to success.