This week Intercity held a Cyber Security event in Birmingham as part of Intercity's drive to promote awareness with our customers and encourage them to explore ways of solving their security issues. In a well-received presentation based on a theme of nine circles of security hell, Che Smith posed the question as to what Donald Trump would do about managing the threats posed.
This got me thinking about the different attitudes to personal data which exist, in particular, between the EU and the United States. The GDPR has come as a wake-up call to many in the US because a key feature is that it covers EU citizens' data managed not only by EU organisations but also those based in the US (and any other country).
For example, if you have a Gmail account, you should be aware that Google machine-reads your content so that it knows what to advertise to you. The metadata - i.e. the data about your data - also provides information about you, e.g. who you email, when and what you include. The data about your preferences is obviously personal as it's gleaned from your 'private' correspondence.
We've grown accustomed to US hegemony when it comes to issues like extradition but now the boot is on the other foot and things will have to change or companies may find themselves in breach. You may have noticed, for example, that some US-based websites recently have become inaccessible from the UK or that EU-based visitors have to go to considerable lengths to gain access.
Why does this matter to us? Having lived with the Data Protection Act since 1998, culturally we're all aware of our obligations when it comes to data protection, so whilst the GDPR is for Intercity incremental, to others it's a considerably larger step. For some, particularly on the right in the US, it's dismissed with contempt, which gives an indication of the likely level of compliance.
