first principle of GDPR

What data is really important? Understanding the first principle of GDPR.

About six months ago, I got a call from a business owner in Germany. She was really upset about her safety but the interesting part was why. I had to hear the story behind her worry and ask her some supportive questions in order to define the threat level and then advise her on what her next steps should be to minimize and control the impact.

She was in the process of moving her business into a new office space and location, and she found a real estate agent who showed her a property she liked. She did not put down any money as a deposit before signing any paper but she gave him a copy of her ID.

Before she proceeded with the deposit payment she did a background check and she realized that the man in question was a con man and she got terrified as he was holding her most important and valuable information. Some of you might think she should have given the information after the background check? Are you sure about this? I mean, yes order of things does matter, but this is not enough for your protection.

When she first gave a copy of her identity willingly she was thinking it is just a piece of paper. Right? Wrong!

It is really amazing how people protect their money but not their private data, the misuse of which can end up costing you a hefty sum of money.  If you don’t know how important is a document with your full name, ID number, date of birth, parents’ name and address, let me assure you, it is a heaven for identity theft. Con men sell victims’ identities online and offline or use them for themselves. Keep in mind that cyber-crime is thriving online. Dark web is hosting a commercial land where cyber-criminal “goods” are sold along with all sorts of creepy services.

Want a little help?

cyber-security approach, philosophy, business, protection

How can identity theft damage you?

Identity theft consequences vary in severity but you’ve got anything between cleaning out your credit cards and bank accounts, getting loans in your name, buying or selling assets like your house or business, getting involved in illegal activities while you are clueless about it, or all the above. You could end up broke with a bad reputation, in jail for crimes and frauds you never committed or even dead. Yes, the last one is kind of extreme but I challenge you to consider who really needs to purchase a new identity? A business person, a mother or a criminal? Ok, sophisticated criminals buy a different type of fake identity than the average and low skilled ones so the last impact is rare but it is still a possibility.

You may ask me: Ok, then, but how many people could steal my identity? It should be expensive and difficult to buy even if it is up for sale. Well, a simple search on the dark web can offer a huge number of identities for sale ranging between 1 – 450 dollars with an average price of 20 dollars. Pretty affordable…

According to the 2017 Identity Fraud Study, released by Javelin Strategy & Research, $16 billion was stolen from 15.4 million U.S. consumers in 2016.

Then you might say people who are careless about giving important information to others are in more danger. Yes, that is true but you are most probably considering only some of your physical interactions to come to this conclusion. I would like to challenge you to think about all the services you use from electricity and phone to your supermarket and then have a look to your virtual interactions as well; from your email accounts, cloud services you use, accounts you have online. All these are out there in reach of cyber criminals and just a “breach away”. In fact, online data is vulnerable not only because someone you can run a background check on can access it, but because anyone can access it, one way or another.

If you believe that because you are in a certain profession it makes you immune to identity theft, re-evaluate your belief because last year a security expert was forced to file bankruptcy because of identity theft.

These are all examples of attacks initiated by you.

That is the goal of GDPR. Protect and avoid important personal data falling into the hands of people with malicious goals.

And it all starts with the understanding of data and evaluating its importance. The protection of your identity starts from you. Do not show your details or give copies of them to anyone – online or offline – always question how much and which information they need from you. Especially the online part is crucial. There is one principle about online information you should be aware of:

What goes online once, stays online forever.

So, every time you are about to post, share or save something online, even to private locations or conversations, consider these points:

  1. Is this something I would like people to see?
  2. How valuable is this information?
  3. How can it damage my personal, financial and business life if it falls into the wrong hands?

If you do not know which data is important and what can harm you I would advise you to educate yourself. In fact, I have something here to help you.

GDPR principle number 1: Evaluate your data, what is its importance and how they can harm you. At which degree can they harm you with that data? Question companies’ requests for your data. Do they really need this data to offer you a service?

You are the first line of defense in your protection. You are responsible for your security no matter if the regulations are in place or not.

Data is the most valuable asset of the 21st century both for your personal and business life, as well as for your privacy and security. Are you protecting yours?

In the following articles, I will analyze GDPR principles for you further. Overall, GDPR in its core is about understanding data and the impact of misusing data.

There is a very strong connection between valuable data and identity protection.

The GDPR regulation is doing what you should be doing with your data, protecting it with an end result of protecting you.

Apply what you learn immediately. Download “GDPR Basics” free quick start guide.

cyber-security approach, philosophy, business, protection


GDPR Interview – Part 7 Your ability to control your protection

GDPR Interview – Part 7 Your ability to control your protection

GDPR Interview - Part 7 Your ability to control your protection Click below if you prefer to listen. Free Quick start guide: GDPR basics GDPR basics Want a little help? Download “GDPR Basics” free quick start guide. Clarity is power! So, I am now turning it over to...


and get the latest updates