The Data Privacy Laws are still the hottest topic in Tech now. Committo were at another security event (we like to attend a few), at which the new laws were discussed as really being about pushing businesses to invest in security. That is what the Governments of the world are essentially trying to do.
The European GDPR is quite comprehensive and effectively covers any data gathered from customers, even website visitors, who are European. The standards are high and so are the possible fines if one breaches the regulations. Businesses can be liable for up to 20 Million Euros. The laws are in effect as of the 25/05. So if there is any doubt about how secure your European customer data is, now is the time to check in with a professional for help.
This is an important topic to consider, as data is collected at all points of the network. Signing privacy agreements does not stop data ending up in the wrong hands. The difference now is that there are steeper penalties in place for those that mishandle data. It remains that our network security is only as good as the trust and faith we place in the providers we choose to protect us.
The Government can only regulate and punish those that are found to be doing the wrong thing. As individuals, we must think carefully and maintain vigilance over the data we use day to day in our jobs, and raise any concerns quickly if we think data may be slipping out unnoticed. A program of continual adaptation to possible threats is also something an individual/organisation should set aside time to think about, because we live in an age of constantly evolving technology security threats.