The new General Data Protection Regulation (GDPR) directive will take effect on May 25, 2018. The GDPR is enacted by the European Parliament and it aims to protect all EU citizens from privacy and data breaches in an increasingly data-driven world. The law requires technology companies to get affirmative consent for any information they collect on people within the EU, while organizations that violate the GDPR could face fines of up to four percent of global annual revenues or €20 Million (whichever is greater).
There is an ongoing debate regarding the efficiency of the new privacy regulations. Although the GDPR’s aim is to protect the privacy and data of the citizens, many security experts claim that the new law may make it more difficult to track down cybercriminals. Mostly such concerns surround WHOIS, a system for querying databases that store the domain names and blocks of IP addresses of registered users, a system which been indispensable in tracking down cybercriminals.
As the internet develops and big companies find more intrusive ways to obtain data on consumers, there is an urging need to provide internet users with more robust tools to protect and preserve their privacy. That’s exactly the vision of the GDPR regarding internet security and privacy principles. However, cybercriminals may be the biggest beneficiaries of this new law and not the law-abiding citizens it’s meant to protect.