The part that employee threats play in GDPR compliance. Two Year GDPR Anniversary Edition: Balancing compliance and employee monitoring.
In April 2016, European legislators adopted the General Data Protection Regulation (GDPR), with enforcement to begin in May 2018. With roughly two years to get their acts together and avoid hefty fines, organizations scrambled to prepare for compliance. Data breaches had unfortunately become the norm over the preceding years, and the regulation was designed to better regulate organizations that process personal data and to hold them accountable for protecting individuals' privacy rights.
In 2019, which has been described as the worst year ever for data breaches, 15.1 billion data records were exposed. Data breaches take the form of both accidental leaks and deliberate acts of theft. They are caused by malicious insiders, by external actors, and by employee mistakes, and each of these has its own implications for compliance. Insider threats in particular are a serious concern: a 2019 survey found that 79% of firms believed that employees had accidentally placed sensitive data at risk. This is not only a security concern but a data privacy concern as well, since the actions of trusted insiders and employees, whether careless or malicious, can compromise personal data that is regulated by the GDPR and other laws.