April 11– The UK’s new privacy regulator, John Edwards, intends to roll out reforms related to privacy, GDPR, and the pursuit of legal justice.
In a recent interview, John Edwards, who started his government role as the UK’s Information Commissioner, explained that his teams could provide feedback to organizations before they invest in specific products or technologies, resulting in fewer investigations and fewer penalties following investigations. In order to put this into play, Edwards’ office would select specific companies for evaluation based on whether or not partnerships with them could serve as a model for other companies.
One major criticism of GDPR pertains to how unevenly the law is applied, and by the fact that investigations can drag on for years. Edwards has the opportunity to reshape GDPR in order to reduce costs, streamline investigative processes and optimize for the long-haul.
Says Edwards, “We have to think of new ways of doing things and I really don’t think taking three years over an investigation is sufficient in a fast-moving digital economy.”
UK and nation-state attacks
In March of 2022, Edwards’ office issued a £98,000 fine against a firm that experienced a ransomware attack in 2020, which resulted in the exposure of personal information. As ransomware attacks increase in volume and levels of attack damage, Edwards’ office continues to ensure that companies are taking basic precautions to prevent and mitigate threats. That said, the UK’s government states that it does not necessarily intend to punish firms crippled by sophisticated state-backed attacks.
Last year, the UK’s government addressed the notion of striking data transfer agreements with other non-GDPR compliant nations. Edwards says that federal agencies must find more satisfactory solutions when it comes to helping organizations that have experienced challenges and paid high legal costs related to data transference.
Nations that are also members of the Organization for Economic Cooperation and Development are in the midst of discussions around governments’ intelligence services and treatment of personal data. Edwards believes that such talks need to move forward quickly. “Internationally, it’s becoming urgent for us to get a coherent international data transfer system,” he stated.
For more information, please visit The Wall Street Journal. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.