In our data-driven world, most organizations are at least partially dependent on a measure of electronic storage and networking. Perhaps out of experience, large organizations are generally aware of the need for effective cyber security frameworks including firewalls, access and awareness training, and anti-malware systems. Educational institutions, however, tend to be somewhat behind the curve, when it comes to tightly securing their data-verse. Recently, ethical hackers while testing the security of university networks discovered that they were able to successfully breach networks in less than 2 hours by using spear-phishing attacks to gain access to sensitive information. Well over 50 universities across the UK were a part of the test and in almost every case, testers were able to acquire domain-level administrator access used to control systems and gain complete unauthorized access to system information.
EU member states are now covered by the General Data Protection Regulation (GDPR) which is basically a law that protects the personal information of individuals within the EU and how they are used. GDPR is important for organizations around the world because it affects everyone who does business or communicates with individuals in the EU member countries. It is arguably the most important government regulation on data protection and data privacy rights in the last 20 years.