We were asked to look at how the EU is moving forward with its data protection laws under the GDPR, because other countries around the world are following its lead. In this article we see that Facebook (WhatsApp) will go to court to dispute the fine. Looking further, we see that the Ireland DPC was originally looking to levy a smaller fine but was pressured to increase it. We believe that is the future for international businesses that collect data and tie it to a person. And we can expect that any fine levied in the EU will also be pursued in Brazil, in the US and in many other countries that are developing their own cyber laws. If you look at Ohio, at every state and at the US as a whole, cyber rules are being proposed and written into law.
They receive almost 100% support from conservative and liberal officials. The blame for this reaction to breaches and cyber failures lies with the technology industry, because it does not practice cybersecurity effectively. Pick any organization and look at their systems and partners. Look at their RFPs. Very little is asked about data security. We have asked top executives why they use non-compliant subsystems from non-compliant third-party vendors. Most say they do not know. Not a good answer. So where should we begin in Ohio and in the US? We download the NIST CSF and start to create policies, procedures, training, execution, and verification with our team. There are always those who advocate other CSFs. But we can learn from the DoD cybersecurity program. The CMMC system is NIST-based. It is here to stay.