GDPR's impact on cybersecurity: A review focusing on USA and European practices

Abstract

The General Data Protection Regulation (GDPR) has emerged as a landmark legislation reshaping the global landscape of data privacy and cybersecurity. Enforced in May 2018, the GDPR has had a profound impact on organizations worldwide, prompting a reevaluation of cybersecurity practices to ensure compliance with stringent data protection standards. This paper provides a comprehensive review of GDPR's influence on cybersecurity, with a particular emphasis on the contrasting approaches and practices adopted in the United States (USA) and Europe. The GDPR introduces a set of robust principles designed to protect the rights and privacy of individuals, emphasizing the need for transparency, accountability, and proactive measures to safeguard personal data. Its extraterritorial scope extends its impact beyond European borders, compelling businesses operating globally to adhere to its regulations. This paper explores the challenges and opportunities arising from GDPR compliance, examining how organizations in the USA and Europe have navigated the evolving cybersecurity landscape. In the USA, where privacy regulations historically differed across states, the GDPR has prompted discussions around the development of federal privacy laws. The review delves into the varying approaches adopted by American businesses, considering the interplay between state and federal regulations in shaping cybersecurity strategies. Conversely, European practices reflect a proactive response to the GDPR, as organizations have embraced the principles embedded in the regulation to fortify cybersecurity frameworks. The paper investigates the evolution of cybersecurity standards in Europe, highlighting successful strategies and potential areas for improvement. By synthesizing experiences from both sides of the Atlantic, this review contributes to a deeper understanding of the GDPR's impact on cybersecurity. It sheds light on the evolving dynamics of data protection, offering insights for organizations seeking to enhance their cybersecurity resilience in the face of a rapidly changing regulatory landscape.