The regulation, effective since May 25, oversees new rules of the handling and spread of personal data and stipulates staggering fines if the regulation is not observed. This notably plays into hackers’ hands, as by threatening to publish sensitive data, they force companies to pay them directly. The latter are more likely to covertly pay hackers than pay fines to the French regulator, the National Commission for Computer Science and Freedoms (Commission Nationale de l’Informatique et des Libertés.)
"They hack a company’s IT system and threaten with massive data leaks to demonstrate that the company mishandles data," said Charles Préaux, founder and director of Cyber Protection Engineering School at the Higher National School for Engineers of the University of Southern Brittany (École Nationale Supérieure d’Ingénieurs de Bretagne-Sud – ENSIBS), in an interview with Sputnik.
He went on to note that harmful software, or in simpler terms, new viruses, pop up in the cyberspace every four seconds, adding that taking into account how much time, effort, money and human labor goes in to detecting, analyzing and coming up with counter-measures to the viruses, it stands to reason that "hackers enjoy an incredible advantage over us."
"To give political promises, saying that France should serve as an example [in battling cybercrimes] – let the prime minister employ all the necessary means to this end – is all very good, but it’s really, really difficult to attain this both in the state and private sector."
Yannick Harrel, professor and cyber strategy specialist and author of several books on cyberspace, has also chimed in on the debate, noting that hackers are perfectly aware of enterprises, including small, medium and big businesses, being unready to fully apply the new GDP Regulation.
"This is all more likely about blackmailing, as hackers know that this or that company hasn't taken necessary steps in this direction […] Companies fear leaks, although the stipulated punishment is not that harsh."
The corporate sector's fears appear to be quite justified, though. In one of most recent incidents, the French data protection authority CNIL announced a decision to impose a whopping 250,000 euro fine on Optical Center, a French company selling eye and hearing aids, following its failure to secure the data of customers that had ordered products on its website. The fine is the highest penalty, according to HelpNetSecurity website, ever issued by French authorities for a security breach — and it happened before the GDPR came into force. The latter stipulates even higher fines, which are up to 4 percent of a company's annual global turnover.
The views and opinions expressed in the article are those of the speakers and do not necessarily reflect Sputnik's position.