In the weeks leading up to the deadline for GDPR’s obligatory implementation, complaints to the leading data protection agencies in Europe about breaches of the new regulation piled up; and it hasn’t taken long for the reactions, and of course, the sanctions, to appear. Facebook, which has been under scrutiny for months now, has received the first large sanction for not following the data processing standards found in the legislation.
And the fact is that two months after the GDPR came into force, data protection is still causing real headaches in many companies, both in Europe and further afield. Not only have we seen cases of intentional theft of data, but we’ve also seen cases where data has been lost due to internal cybersecurity carelessness.
And now we know the consequences of one of the cases of personal data abuse that has generated most interest among the public in the last few months: Facebook and Cambridge Analytica. A controversy that affected over 87 million users whose personal information was collected by the consulting firm without their express consent, and then sold to third parties, who supposedly used it to benefit Donald Trump’s presidential campaign.
Now, the Information Commissioner’s Office (ICO) in the UK has given Facebook a fine, the first the social network has received in relation to this scandal. The £500,000 (€564,951.15) fine is the maximum stipulated by the country’s data protection laws. This amount is probably not enough to make a dent in Facebook’s finances: the company is able to earn the same amount every five and a half minutes.
The ICO ruled that Facebook failed to safeguard its users’ data, and that it failed to be transparent with how it used this data or the interests that lay behind this abuse. The ICO will also bring criminal action against SCL Elections, Cambridge Analytica’s parent company.
So what has been the outcome of all this? The social network must pay the fine, although it is undoubtedly a minimal fine in comparison with the magnitude of the scandal.  It’s worth remembering that the GDPR can impose fines of up to 4% of a company’s annual turnover. This means that, had this been a sentence within the framework of the European Union, Facebook could have faced a fine of €1,581,863,215, significantly higher than the one imposed by the UK.
This is not an isolated case
While the Facebook controversy is making headlines, there are many other cases of abuse of data that have come to light in the last few months.
In September 2017, Equifax was implicated in one of the largest data breaches in history, when personal data of over 142 million people was leaked. If we suppose that the company had received the highest sanction possible under GDPR, Equifax would have faced the astronomical fine of 124 million dollars.
An even bigger case in terms of the amount of data affected was Exactis, a US marketing company. At the end of June, a database with 340 million individual records containing personal data was left exposed on the Internet without authentication. This means that anyone could have accessed the database and its content.
Timehop was involved in another significant breach that exposed the data of 21 million users on July 4. The hacker that stole the data was able to gain access thanks to a cloud storage account that didn’t use multi-factor authentication. The company has stated that it contacted data protection officials shortly after the discovery of the breach.
It is clear that the economic sanctions that the GDPR entails are no trifling matter, and that, despite the increased interest in the subject of data protection, the problems surrounding the handling of personal information (PII) aren’t going to go away overnight. But…
How can you avoid getting on the wrong side of GDPR?
If you’re worried about your company’s IT security, you’ll be interested to find out about Panda Adaptive Defense, the advanced cybersecurity suite that incorporates Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions with 100% Attestation and Threat Hunting & Investigation services. The combination of these solutions and services provides a detailed overview of all activities on every endpoint, total control of running processes, and reduction of the attack surface.
Panda Adaptive Defense has modules created specifically to stop access, modification and exfiltration of both internal and external information. This is because Panda Data Control is able to discover, audit and monitor unstructured personal data on endpoints: from data at rest, to data in use and data in motion.
It stops uncontrolled access to your company’s sensitive data and helps you to comply with the new data protection rules found in the GDPR.
7 comments
I keep getting reminders that my Panda subscription is due shortly and that I can renew with a 60% discount but THERE IS NO WAY OF PAYING THE REDUCED SUBSCRIPTION.
In fact there does not appear to be ANY way of paying the reduced amount of R262.00
This is totally frustrating to the extent that if the matter is not resolved by the 8th September 2018 when my subscription falls due I will stop using Panda and change to Kaspersky
Will someone please contact me URGENTLY and sort this out so that I can pay R262.00 for the Anti Virus Pro
Regards
Hulbert CrawCour Cedar Accounting and Financial Services
Cape Town South Africa
27-21-975-9691
27-83-700-9759
Hello Hulbert,
We have reviewed the case and from the renewals area to the store we see nothing wrong with the configuration. Please make sure that you are renewing from a connection that does not filter or modify your location. i.e. using a VPN service or connected to a corporate network.
We hope this helps!
Greetings,
Panda Security.
Are there any new updates related to data protection? Because I found some notifications and irrelevant messages related to it. Please help me regarding this.
I have 2 issues today
- I am being harassed with antivirus renewal requests even though I am still subscribed for another year? That is the least serious one.
- A “panda dome” shortcut installed itself automatically; what is this software running in the background? Also, when I log in to my bank, I am “kicked out” for “unprotected account”, whereas previously I logged in without any problem.
Finally, I can no longer run a scan of my system; it seems that some component is faulty!? Also, I cannot find a link to download PANDA again if necessary! help help help!!!!
Hello,
We are sorry for the inconvenience. We will look into how often the notifications are triggered. This is because you may have other expired products associated with the same e-mail address / Panda account. However, these notifications can be turned off from Menu -> Settings -> General -> News.
For help with technical problems, please contact technical support at the following link: https://www.pandasecurity.com/support/#homeusers
We hope this has been helpful.
Regards,
Panda Security.
GDPR is the really good thing.
Agreed, we need these regulations.