Category: Blog

  • Google Contacts removes “Recently Added” section

    Google has made a significant change to its Contacts app, eliminating the recently added contacts section, with usability implications.

    A change that simplifies (too much) Google Contacts

    Google Contacts, the app that comes pre-installed on many stock Android devices, has undergone a significant change.

    After introducing the “Featured” tab in the bottom bar a few years ago, which included features such as favorite contacts and birthdays, Google has now decided to remove a section.

    The “Featured” tab previously also contained “Seen” and “Added” sections, which gave users quick access to their most recently opened and created contacts.

    Google Contacts screen showing recently viewed and added contacts

    What does the removal of the “Viewed” and “Added” section in recent contacts entail?

    With this recent change, the section that displayed newly added contacts has been removed.

    Now, newly created contacts will appear directly in the “Recent” section only when opened immediately after being saved.

    This simplification, however, may be a bit too radical for some users, as in our opinion it reduces the ease with which it is possible to find the most recent contacts.

    Additionally, the change appears to exclude contacts added via the web, making the experience less integrated across devices.

    Google Contacts: What the "Highlights" screen looks like now.

    The future of Google Contacts and the evolution of the Pixel Besties Widget

    As Google continues to optimize its Contacts app, it is also working on other features, such as the “Pixel Besties” widget (formerly known as “Besties”).

    This widget, according to the description, should allow you to see recent communications and memories with your favorite people. However, there is uncertainty about which specific memories will be included and how this feature will integrate with the rest of the Google ecosystem.

    What do you think about these changes to Google Contacts? Leave a comment below and share your thoughts on how these changes will impact your experience.

  • Google rolls out AI chatbot for Gmail on Android

    The Gmail Q&A feature arrives on Android, allowing users to leverage Gemini’s AI to better manage their emails.

    Google brings its AI chatbot to Gmail on Android

    Google recently introduced the ability to use its Gemini AI chatbot to ask questions about your Gmail inbox on the web. Now, this feature is coming to mobile devices, starting with Android. According to Google, the Gmail Q&A feature is beginning to roll out on Android and will be “coming soon” to iOS devices.

    How Gmail Q&A works

    With the Gmail Q&A feature, users can ask Gemini questions about their inbox. You can request it to find specific details in emails, show unread messages, view messages from a specific sender, or summarize emails about a particular topic in your inbox. Google previewed this feature earlier this year during its I/O conference.

    A more effective way to manage emails

    This new feature offers an innovative way to sift through emails or find something that might be buried deep in your inbox. However, it’s important to note that the feature is not available to all users. To use it, you need to subscribe to Google One AI Premium or be on a Google Workspace plan with Gemini Business, Enterprise, Education, or Education Premium add-ons.

    A word of caution when using AI

    As with many generative AI tools, it’s advisable to always double-check that Gemini doesn’t “hallucinate” any of the results it pulls up. The Gmail Q&A feature began rolling out as of Thursday, and Google says it could take up to 15 days to appear for everyone.

    What do you think about the introduction of this new AI feature in Gmail? Leave your comment in the form below and share your thoughts with us.

  • Google Gemini: Yes to images of people with new security measures

    Google has announced the release of new features for its AI image generation tool, promising significant improvements to ensure more accurate and confident representations.

    Google Gemini Restores Image Generation

    Google recently announced that it is reintroducing the generation of images of people for some Gemini AI users. This feature, temporarily suspended due to issues with correctly representing people, has now been improved to better meet user expectations.

    According to the company’s blog post, the latest version of the image generator, called Imagen 3, will soon be available to those with Gemini Advanced, Business, and Enterprise subscriptions. The tool allows users to create images from simple text prompts, turning written descriptions into visual images.

    Technical improvements and new features

    Google said it has made several technical improvements to ensure that the images it generates are more accurate and respectful of cultural and racial diversity. These include improved assessment sets, red-teaming exercises, and the introduction of clear product principles.

    An example prompt provided by the company included the description of “a little dragon hatching from an egg in a sunny meadow, surrounded by bright butterflies.” Imagen 3 transformed this description into a colorful, detailed image, demonstrating the tool’s advanced capabilities.

    Security and limitations of image generation

    Google has implemented new safeguards to prevent the tool from being misused. Gemini now restricts the generation of images that may be dangerous or inappropriate, such as “self-harm instructions” or the creation of violent or sexual content. These measures were introduced to comply with the company’s ethical design principles.

    However, Google warned that since the tool is still under development, not all images generated will be perfect. The company promised to continue gathering feedback from users to further improve the tool and make it available in more languages and to a greater number of users.

    Gradual launch and user feedback

    Currently, the image generation feature is not yet available to all Gemini Advanced subscribers, but Google has assured that it will be accessible soon. The company invites users to provide feedback to further refine the technology.

    What do you think about these new Google Gemini features? Share your thoughts in the form below and join the conversation!

  • Google disavow file: complete guide to creating

    One of the first questions an SEO expert faces, as early as the initial phase of an SEO strategy, is whether and when to compile the disavow file.

    The Google Disavow file is a fundamental tool for those involved in digital marketing and SEO. It allows you to report backlinks that you believe to be harmful or low-quality to Google, so that they are ignored by the search engine algorithm. But what exactly is the disavow file, how does it work, and above all, how can you create it? In this article, we will explore all these aspects in depth.

    What is the Google disavow file?

    A disavow file is a text file that can be uploaded via Google Search Console to tell Google to ignore specific backlinks pointing to your website. This tool was introduced by Google in 2012 in response to growing concerns about negative SEO, a practice where competitors try to lower a site’s ranking by bombarding it with low-quality or toxic links.

    These malicious links can come from spam websites, paid link networks, or other untrustworthy sources. Without the disavow tool, such links could negatively impact the site’s backlink profile, lowering its ranking in search engine results.

    Why is the disavow file important?

    Using the disavow tool is crucial to maintaining a clean backlink profile and safeguarding your website’s rankings. When Google detects bad backlinks, it can penalize your site, reducing its visibility in search results. While Google is smart enough to ignore many low-quality links, some can still slip through the cracks and hurt your SEO.

    The disavow file allows you to manually reject backlinks that you consider dangerous. This tool should be used with caution, as disavowing useful backlinks by mistake could have a negative impact on SEO. Therefore, it is advisable to perform a thorough backlink audit before proceeding.

    How to create a disavow file

    Creating a disavow file is a fairly simple process, but it does require attention and precision. Here is a detailed guide on how to proceed:

    1. Backlink Analysis
      First of all, you need to identify the backlinks that can be harmful to your site. This can be done using various backlink analysis tools, such as Ahrefs, SEMrush or Moz. These tools provide a complete overview of your site’s backlink profile, highlighting toxic or suspicious links.
    2. Creating a Text File
      Once you have identified the bad backlinks, the next step is to create a text file (.txt) that includes the URLs or domains you want to disavow. This is essentially a list of disavow links. Each backlink should be placed on a separate line. If you want to disavow an entire domain, you can use the prefix “domain:” followed by the domain name (e.g. domain:example.com). It is important to note that each line should contain only one URL or domain.
    3. Uploading the disavow file
      After creating the file, the next step is to upload it to Google Search Console using the disavow link tool. Go to the “Disavow links” section and upload the file you just created. Once uploaded, Google will start ignoring the backlinks listed in the file.
    4. Monitoring and updating
      After uploading the disavow file, it is important to monitor the results over time. You can do this via Google Search Console and other SEO analysis tools. If you notice additional malicious links, you can update the file and re-upload it. Keep in mind that the disavow process can take several weeks to take effect, that is, before the indicated backlinks are ignored by Google.

    Example of a disavow file

    Here is an example of a disavow .txt file:

    https://www.example1.com
    https://www.example2.com
    https://www.example3.com
    

    In this example, the disavow file contains three website URLs that the website owner does not want Google to consider when evaluating their website.

    Here’s another, more detailed example:

    # Disavow file for the website www.mydomain.it
    
    # Links to low quality websites
    
    https://www.example1.com/harmful-category/ 
    https://www.example2.com/spam-page/ 
    https://www.example3.com/harmful-content/
    
    # Links to websites with malicious content
    
    https://www.example4.com/page-with-virus/
    https://www.example5.com/page-with-malware/
    https://www.example6.com/page-with-illegal-content/
    
    # Links to websites that have been penalized by search engines
    https://www.example7.com/penalized-for-spam/
    https://www.example8.com/penalized-for-repeated-content/
    https://www.example9.com/penalized-for-bad-links/

    In this example, the disavow file contains links to websites that have been identified as harmful to the website www.mydomain.com. The links have been classified based on the type of damage they can cause: low quality, harmful content, or penalization by search engines.
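A pre-upload check for the file format described above (one URL or one `domain:` entry per line, `#` for comments), as an added example that is not part of the original article. The `own_domain` parameter, the simplified host-name pattern and the sample file are assumptions of this example; the sample is constructed and includes the kinds of mistakes that cause useful links to be lost or entries to be ignored.

```python
import re
from urllib.parse import urlsplit

# Simplified host-name pattern (an assumption of this example, not Google's rule).
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def lint_disavow(text, own_domain=None):
    """Check a disavow file line by line.

    Returns (entries, problems):
      entries  - accepted ("domain", host) / ("url", url) tuples, in file order
      problems - (line_number, message) for every rejected line
    own_domain (hypothetical parameter): if set, entries pointing at your own
    site are rejected, since disavowing them would discard useful links.
    """
    entries, problems, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no entry
        if len(line.split()) > 1:
            problems.append((n, "each line must hold exactly one URL or domain"))
            continue
        if line.lower().startswith("domain:"):
            host = line[len("domain:"):].lower()
            entry = ("domain", host)
        else:
            try:
                parts = urlsplit(line)
                host = (parts.hostname or "").lower()
                scheme = parts.scheme
            except ValueError:
                host, scheme = "", ""
            if scheme not in ("http", "https"):
                problems.append((n, "not an http(s) URL or a domain: entry"))
                continue
            entry = ("url", line)
        if not HOST_RE.match(host):
            problems.append((n, "invalid host name"))
            continue
        if own_domain and (host == own_domain or host.endswith("." + own_domain)):
            problems.append((n, "entry points at your own site"))
            continue
        if entry in seen:
            problems.append((n, "duplicate entry"))
            continue
        seen.add(entry)
        entries.append(entry)
    return entries, problems


def render(entries):
    """Write the accepted entries back out as a clean disavow file body."""
    lines = [f"domain:{v}" if kind == "domain" else v for kind, v in entries]
    return "\n".join(lines) + "\n"


# Constructed sample input (not a real backlink audit).
SAMPLE = """\
# Disavow file for the website www.mydomain.it
https://www.example1.com/harmful-category/
domain:example2.com
domain .com
www.example3.com/spam-page/
https://www.example1.com/harmful-category/
https://blog.mydomain.it/guest-post/
https://www.example4.com/a https://www.example5.com/b
"""

if __name__ == "__main__":
    accepted, rejected = lint_disavow(SAMPLE, own_domain="mydomain.it")
    for number, message in rejected:
        print(f"line {number}: {message}")
    print(render(accepted), end="")
```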

    The disavow tool is a powerful tool that can protect your website from unwanted backlinks and improve its position in search results. However, it should be used with caution and only after conducting a thorough backlink audit. Ignoring malicious links could cost you a lot in terms of visibility, while improper use of the disavow file could cause your site to lose useful links.

    Remember that not all low-quality links need to be disavowed, as Google can filter out many of them automatically. However, if you are facing a negative SEO attack or notice a significant drop in rankings, using the disavow tool may be the right solution.

    Frequently Asked Questions

    1. What is a disavow file?
      It is a text file used to ask Google to ignore specific malicious or unwanted backlinks.
    2. When should I use the disavow tool?
      When you notice an increase in bad links or if you suspect a negative SEO attack.
    3. Can I remove individual URLs with the disavow file?
      Yes, you can specify individual URLs or entire domains to ignore.
    4. How do I upload a disavow file to Google?
      The file can be uploaded via the Google Search Console, in the “Disavow Links” section.
    5. How long does it take for Google to ignore links?
      The process can take several weeks, depending on how often your site is crawled.
    6. Can I update an existing disavow file?
      Yes, you can update and re-upload the file whenever you identify new backlinks to disavow.
    7. What happens if I disavow a useful link?
      The site could lose a valuable backlink, negatively impacting the ranking.
    8. What tools can I use to identify bad backlinks?
      Ahrefs, SEMrush, Moz, and Google Search Console are some of the most popular.
    9. What are toxic links?
      These are backlinks from spam or untrustworthy sites that can damage a site’s SEO.
    10. Is the disavow tool necessary for all sites?
      Not always. It is mainly recommended for sites with problematic or suspicious backlinks.
  • How to remove your house from google maps

    One of the most common concerns is how visible our homes are on online platforms. For many, the idea that their house is easily viewable on Google Maps, particularly in Street View, is unsettling. Fortunately, Google offers a way to address these concerns. 

    If you’re looking to remove your house from Google Maps, this guide will walk you through the necessary steps.

    Why consider removing your house from Google Maps?

    Before diving into the process, it’s important to understand why someone might want to remove their house from Google Maps. Privacy is a major concern. 

    Whether you’re worried about potential security risks or just prefer not to have your home displayed for all to see, removing or blurring your home on Google Maps is a valid precaution. Additionally, some may feel uncomfortable with how detailed Street View images can be, sometimes capturing cars, personal items, or even people in front of their homes.

    Steps to remove your house from Google Maps

    If you’ve decided to proceed with removing your house, the process is fairly straightforward, but it requires a few steps. Here’s how you can do it:

    1. Accessing Google Maps Street View
    Begin by opening Google Maps in your web browser. Enter your address in the search bar and hit enter. 

    Once your location appears, drag the small yellow figure (known as Pegman) from the bottom right corner of the screen onto the street in front of your house. This will activate Street View mode.

    2. Locate your house in Street View
    Use the arrows on the screen to navigate and find the exact view of your house that you want to remove or blur. It’s essential to get the correct angle and location before proceeding.

    3. Report a problem
    In the bottom right corner of the screen, you’ll see an option labeled “Report a problem.” Click on it to initiate the process. This will open a new window where you can report the image that you want to be blurred or removed.

    4. Fill out the form
    Google will ask you to fill out a form detailing the issue. In this case, you should select “My home” under the “Request blurring” section. 

    Google may also ask you to provide additional details to ensure the correct part of the image is blurred or removed. Be as specific as possible to avoid any errors.

    5. Submit your request
    After you’ve completed the form, double-check all your details and then submit the request. Google will review the information, and if they determine that your request is valid, they will take action. This process can take several weeks, so patience is necessary.

    6. Follow up if necessary
    If, after some time, you don’t see any changes, it might be worth following up. You can do this by submitting another “Report a problem” request or by contacting Google support directly.

    What happens after you report a problem?

    Once you’ve successfully submitted your request to remove your house from Google Maps, Google will review it. If approved, your home will be blurred in Street View images, which effectively removes it from being easily recognizable. However, it’s important to note that this action is permanent; once Google blurs your house, it cannot be unblurred. This ensures that your privacy is respected in the long term.

  • Google Chrome Update: protect your browser before it’s too late

    A new zero-day vulnerability threatens browser security: learn how and why to update now.

    Google Chrome and the new zero-day threat

    Recently, Google revealed a dangerous vulnerability in its popular browser Chrome, urging users to update immediately. This flaw, known as a zero-day vulnerability, poses a particularly serious threat as it indicates that someone is not only aware of the issue but is actively exploiting it.

    The CVE-2024-5274 vulnerability

    The flaw in question, tracked as CVE-2024-5274, is a “type confusion” error, where the browser’s code does not correctly verify the type of object it is processing. This missing check can lead to the processing of incorrect data, which malicious actors could exploit to execute harmful code.

    Google recently released an update to fix this vulnerability, making it the fourth zero-day resolved this month alone and the eighth since the beginning of 2024.

    How to update Google Chrome

    Updating Google Chrome is a simple yet essential process to protect your online security. Here’s how you can do it:

    1. Click the three dots in the top right corner of the browser window.
    2. Go to Help > About Google Chrome.
    3. Allow Chrome to check for a new update.
    4. Follow the on-screen instructions to download and install the update.

    This update is available across multiple platforms, including Windows, Mac, and Linux, with the following version numbers: 125.0.6422.112/.113 for Windows and Mac, and 125.0.6422.112 for Linux.
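To check more than one machine against the fixed build stated above, the version strings have to be compared numerically, part by part; a plain string comparison gets it wrong. The following is an added example, not part of the original article: the inventory format, host names and installed versions are constructed, and only the fixed build number comes from the text.

```python
import re

# Lowest fixed build named in the article for CVE-2024-5274 (all platforms).
FIXED_BUILD = (125, 0, 6422, 112)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None if absent."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_patched(text, fixed=FIXED_BUILD):
    """True if the version found in text is at or above the fixed build.

    Tuples of ints compare element by element, so 76 < 112 as expected.
    Returns None when no version can be read from the text.
    """
    version = parse_version(text)
    return None if version is None else version >= fixed


def audit(inventory):
    """Classify each 'host,version string' line of a constructed inventory.

    Returns {host: "patched" | "outdated" | "unknown"}.
    """
    report = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, reported = line.partition(",")
        state = is_patched(reported)
        report[host.strip()] = (
            "unknown" if state is None else "patched" if state else "outdated"
        )
    return report


# Constructed sample inventory (hypothetical hosts and installed versions).
INVENTORY = """\
ws-014,Google Chrome 125.0.6422.113
ws-022,Google Chrome 125.0.6422.76
mac-003,Google Chrome 125.0.6422.112
lnx-007,Google Chrome 124.0.6367.207
lnx-009,Google Chrome 126.0.6478.55
kiosk-1,version not reported
"""

if __name__ == "__main__":
    # The pitfall: as strings, ".76" sorts after ".112" and looks newer.
    print("string compare says newer:", "125.0.6422.76" > "125.0.6422.112")
    for host, state in audit(INVENTORY).items():
        print(f"{host}: {state}")
```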

  • Google Essentials, BigG pushes its apps on new Windows laptops

    The Essentials app, preinstalled on HP laptops, offers quick access to Google services like Messages, Photos, and Play Games, enhancing the integration between Google and Windows.

    Google introduces Essentials on HP laptops

    Google is expanding its influence in the Windows sector with the launch of a new application called Essentials. This innovative platform, preinstalled on HP laptops from the Spectre, Envy, Pavilion, OMEN, and Victus series, provides users with quick and easy access to Google services directly from their desktop.

    A single hub for all Google services

    The Essentials app integrates various Google tools like Messages, Photos, and Play Games into a single interface, along with productivity tools like Sheets, Docs, Drive, and Calendar. With this centralized solution, users can easily manage their daily activities, thereby enhancing their device experience.

    Free trial of Google One and future developments

    A standout feature of the Essentials app is the offer of a two-month free trial for Google One, which includes 100GB of storage. This opportunity allows users to explore the potential of cloud storage and data synchronization without additional costs. While the app is currently available only on HP laptops, Google plans to extend it to other models and computer manufacturers.

    A step towards greater integration between Google and Windows

    The introduction of Essentials follows the recent launch of Play Games on Windows, which allowed users to play Android titles on their computers. With support for mouse and keyboard and synchronization across devices, the integration of Essentials marks another step toward simplified and centralized management of Google services within the Windows ecosystem.

    What do you think of this new move by Google? Have you tried the Essentials app yet? Share your thoughts by commenting in the form below!

  • What is the Internet? A History of Innovation and Connection

    The Internet is a global network that has transformed the world we live in. It has a fascinating history that spans decades of innovation and change.

    In this article we will look at what the internet is and explore its history and evolution.

    What is the Internet?

    The Internet, short for “Interconnected Networks”, is a vast telecommunications network made up of computers and devices connected to each other around the world.

    This network allows the sharing of information, communication and access to digital resources through standard protocols.

    In simpler terms, the Internet can be considered a network of networks , a collection of devices and infrastructures that allow people, companies and institutions to communicate and exchange data around the world.

    The Internet was created to facilitate communication and sharing information more efficiently, allowing the transmission of text, images, sounds and data of all kinds through a variety of protocols and technologies.

    It is a versatile and open medium that has transformed society and the economy, profoundly influencing people’s daily lives in many ways, including commerce, education, entertainment, research and global connection.

    Who invented the Internet?

    The birth of the Internet dates back to the 1960s with the ARPANET (Advanced Research Projects Agency Network), a project of the United States Department of Defense.

    ARPANET originated as a response to growing US concern about the security of military communications during the Cold War.

    ARPANET was developed to create a robust communications network that could survive emergency situations, such as nuclear attacks.

    On October 29, 1969, the first message was successfully transmitted between two computers connected to the ARPANET.

    This event marks the birth of the network, with the first two nodes located at the University of California at Los Angeles (UCLA) and the Stanford Research Institute.

    The NCP Protocol: ARPANET used the NCP (Network Control Program) protocol to manage communication between computers. This was the predecessor of the TCP/IP protocol that would later form the basis of the Internet.

    Expansion and growth: Throughout the 1970s, ARPANET expanded and involved universities, research laboratories, and military institutions. This growth led to greater interconnection and the creation of an increasingly robust network.

    The TCP/IP protocol and 1983

    The next step was the development of the TCP/IP protocol (an acronym for Transmission Control Protocol/Internet Protocol) by Vinton Cerf and Bob Kahn. This protocol allowed different networks to communicate with each other, creating the infrastructure for global interconnection.

    In 1983, ARPANET implemented the TCP/IP protocol, marking the official transition to the Internet. From this point on, the number of connected computers and networks grew rapidly.

    The Birth of the World Wide Web: The 1990s

    The birth of the World Wide Web (WWW or Web) in the 1990s was a revolutionary moment in the history of the Internet, as it made the Internet accessible and usable by a wide audience.

    Here is a summary of its creation and impact:

    Invention of the World Wide Web: The World Wide Web (www) was invented by Tim Berners-Lee, a British engineer working at CERN (European Organization for Nuclear Research) in Geneva, Switzerland.

    In 1989, Berners-Lee proposed the concept of a hypertext-based information management system that would allow scientists to easily access and share research information. His project took the name “WorldWideWeb.”

    First Website: The first website ever created was dedicated to the World Wide Web itself and went online in August 1991. It was a rudimentary site that explained what the World Wide Web was and how it worked.

    Key protocols and languages: Berners-Lee also developed the Hypertext Transfer Protocol (HTTP) and the Hypertext Markup Language (HTML) for creating web pages. These standards are still widely used today for building websites.

    First web browser: In 1993, the first web browser called “Mosaic” was created by Marc Andreessen at the National Center for Supercomputing Applications (NCSA) at the University of Illinois. This browser helped make the Web more accessible and user-friendly.

    Expansion of the Web: In the 1990s, the World Wide Web experienced explosive growth. More and more people and companies started creating websites, publishing content and accessing information online. The Web became a platform for commerce, communication, education and entertainment.

    Convergence with the Internet: The World Wide Web has become an integral part of the Internet. While the Internet represents the physical infrastructure and computer network, the Web is the interface that allows users to navigate and access resources on the Internet.

    The invention of the World Wide Web democratized access to information and made the Internet a more accessible medium for people around the world.

    To this day, the Internet continues to revolutionize communication, commerce and education, and to open the way to new opportunities and innovations.

    The combination of protocols, languages and web browsers has made the Web a powerful tool for global sharing and collaboration.

    How does the Internet work?

    The Internet is a true network of networks, a complex system that allows connected computers and devices around the world to communicate with each other and share information.

    The functioning of the Internet is based on fundamental principles and protocols.

    In summary, the Internet functions as a global network of connected computers and devices that exchange data using standard protocols and communicate via IP addresses.

    The network is operated by a series of servers, routers, and Internet service providers that enable communication and access to digital assets around the world.

    Here is an overview of how the Internet works:

    1. TCP/IP Protocol: The Transmission Control Protocol/Internet Protocol (TCP/IP) is the basis of the Internet. This protocol defines how data should be split into packets, addressed and sent between connected devices. TCP/IP is responsible for routing, sending, and receiving data on the Internet.
    2. IP Addresses: Every device connected to the Internet has an Internet Protocol (IP) address. IP addresses uniquely identify devices on the network, allowing them to send and receive data. IP addresses can be IPv4 (32 bit) or IPv6 (128 bit) to meet the growing demand for addresses.
    3. ISP (Internet Service Provider): ISPs are companies that provide access to the Internet. These companies connect user devices to the Internet through network connections, such as DSL, fiber optics, cable, or mobile networks. ISPs assign IP addresses to user devices when they connect to the Internet.
    4. Network of networks: The Internet is a network of networks. Devices around the world are connected to the Internet through a variety of regional, national and international networks. These networks are connected to each other via central servers and exchange data via routers and switches.
    5. Server and Client: The Internet works on the basis of the client-server model. Servers are computers or devices that provide services and resources, such as websites, emails, or files. Clients are user computers that request and access these resources using dedicated software such as web browsers or applications.
    6. DNS (Domain Name System): DNS is a system that associates domain names (such as www.google.com) with corresponding IP addresses. When you type a domain name into your browser, DNS translates that name into an IP address so your computer can connect to the desired server.
    7. Data packets: Data sent over the Internet is divided into packets. Each packet contains a part of the data, the destination IP address and other information. These packets travel across the network and are then brought together again at the destination device.
    8. Routing: IP addresses and network routers are responsible for routing data packets. Each packet is sent along the most efficient path to its destination, passing through various routers and network nodes along the way.
    9. Communication Protocols: In addition to TCP/IP, the Internet uses various communication protocols for different purposes. For example, HTTP (Hypertext Transfer Protocol) is used for transferring web pages, while SMTP (Simple Mail Transfer Protocol) handles email.
    10. Security and Encryption: Security is paramount on the Internet. The use of encryption protocols, such as HTTPS, ensures data is protected during transfer, while firewalls and security software help protect devices from online threats.

    Evolution of the Internet in the 21st century

    In the 21st century, the Internet has continued to grow and evolve.

    The advent of technologies such as Wi-Fi, mobile devices and social networks has made the Internet an integral part of everyday life.

    Every aspect of modern society, from education to commerce, communication and entertainment, has been transformed by the ubiquity of the Internet.

    Here are some of the major developments and trends that have shaped the evolution of the Internet in the 21st century:

    1. Expanding Connection: One of the hallmarks of the 21st century has been the expansion of Internet access around the world. Connectivity has become more accessible thanks to the widespread use of Wi-Fi connections, mobile networks and advanced communications infrastructure.
    2. Mobile Devices: Smartphones and tablets have become the primary way of accessing the Internet for many people. The evolution of mobile technologies has made it possible to surf the web, communicate and use apps wherever you are.
    3. Social media: Platforms like Facebook, Twitter, Instagram and many others have changed the way people communicate and share content online. Social media has influenced politics, pop culture, and personal communication.
    4. E-commerce: E-commerce has grown significantly, allowing people to purchase products and services online. Large companies like Amazon have revolutionized the online commerce sector.
    5. Cloud computing: Cloud computing has made it easier and more convenient to store data, host services and develop applications. This has led to greater flexibility and scalability for businesses.
    6. Big data: The growing amount of data generated by the Internet has led to the need for advanced tools and techniques for managing, analyzing and using big data. Data analytics has become essential for many companies and industries.
    7. Artificial Intelligence (AI): AI has begun to be widely used to improve search, process automation, and personalization of online services. Chatbots, virtual assistants, and machine learning algorithms have become common.
    8. Internet of Things (IoT): Internet-connected devices, from smart refrigerators to autonomous cars, have begun to transform daily life and industry.
    9. Cyber Security: Increasing dependence on the Internet has led to an increased focus on cybersecurity and privacy protection.
    10. 5G networks: The introduction of 5G networks offers faster connections and greater bandwidth capacity, paving the way for new applications and services.
    11. Blockchain and Cryptocurrencies: Blockchain technology has led to the emergence of cryptocurrencies such as Bitcoin and Ethereum, revolutionizing the financial sector and introducing new transaction models and smart contracts.
    12. Online education and work: Distance education and remote work have become more common, no doubt accelerated by the COVID-19 pandemic.

    Its evolution continues to influence every aspect of modern life and promises further developments and innovations in the coming years.

  • GDPR and cybersecurity: data protection

    GDPR and cybersecurity: data protection

    Introduction to the GDPR

    GDPR is the acronym for General Data Protection Regulation, a European Union law adopted to harmonize personal data protection laws across the EU and to strengthen citizens’ rights regarding the management of their data.

    The GDPR was approved by the European Parliament on 27 April 2016 and officially entered into force on 24 May 2016, but it became applicable only two years later, from 25 May 2018.

    From that moment on, all organisations, regardless of their location, that process personal data of European Union citizens are obliged to comply with this legislation.

    In general, the GDPR requires companies to collect and process personal data in a lawful and transparent way, limited to the stated processing purposes.

    Individuals have the right to know what data is collected about them, to access that data, to request rectification or deletion, and to object to certain methods of processing. Furthermore, the regulation requires companies to implement adequate technical and organizational measures to ensure the security of personal data, preventing unauthorized access and other threats that could compromise the privacy of individuals.

    GDPR and IT security: an essential combination

    The European Data Protection Regulation, known as GDPR, was introduced to ensure that the rights and freedoms of natural persons are adequately protected in the context of the processing of personal data.

    This has posed new challenges for businesses, especially in relation to cybersecurity. Although some believe that “cyber security is excluded from the GDPR,” in reality, the GDPR requires every organization to put in place appropriate technical and organizational measures to protect data.

    The basics of the GDPR and cybersecurity

    The General Data Protection Regulation (GDPR) not only establishes how personal data should be processed but also imposes specific security measures to protect it. These measures are essential to ensure that data processing takes place in a secure environment, considering the state of the art in cybersecurity and the level of risk associated with potential threats.

    Although the GDPR does not provide technical details on how to implement security measures, it requires companies to ensure an adequate level of protection to prevent unauthorized access, data breaches, and other security incidents.

    Key Cybersecurity Measures Required by GDPR

    To comply with GDPR, companies must adopt security measures such as:

    1. Data Encryption
      GDPR encourages the use of encryption to protect sensitive information.
      • Example: A hospital handling medical records may implement end-to-end encryption to secure test results sent to patients via email.
      • Example: A bank uses AES 256-bit encryption to protect customers’ online transaction data.
    2. Access Control
      Restricting data access to only authorized personnel reduces the risk of breaches.
      • Example: An e-commerce company implements multi-factor authentication (MFA) to ensure that only authorized employees can access customer data.
      • Example: A university deploys a role-based access control (RBAC) system to limit access to student records to only professors and administrators.
    3. Threat Monitoring and Detection
      GDPR requires measures to detect and respond to data breaches quickly.
      • Example: A pharmaceutical company uses Security Information and Event Management (SIEM) to monitor suspicious access to corporate servers in real time.
      • Example: A social media platform employs Intrusion Detection and Prevention Systems (IDS/IPS) to identify and block unusual activities in user databases.
    4. Data Pseudonymization
      Pseudonymization is a technique that separates personal data from identifiable details.
      • Example: A medical research company assigns anonymous codes to store clinical trial data without directly linking it to patients’ identities.
      • Example: An insurance company converts sensitive data into unique identifiers, so that personal information is not directly traceable to an individual.
    5. Incident Response Plans
      Having a plan to respond to breaches is crucial to minimizing damage and complying with GDPR’s notification requirements.
      • Example: A fintech company has a data breach notification protocol that allows it to inform authorities within 72 hours, as mandated by GDPR.
      • Example: A global retail corporation conducts cyberattack simulations (red teaming) to test how well its security team can handle potential breaches.

    The principle of accountability

    One of the key concepts of the General Data Protection Regulation (GDPR) is the principle of accountability. This principle requires companies not only to comply with data protection regulations but also to demonstrate actively that the technical and organizational measures they have implemented are appropriate and effective.

    It’s not just about following the rules; organizations must be able to prove that they have put in place proportionate measures based on the nature of data processing and associated risks. This involves continuous risk assessment and adopting solutions that align with the state of the art in cybersecurity and data protection.

    How Does Accountability Work in Practice?

    Companies can demonstrate compliance with the accountability principle through various actions:

    1. Maintaining and Updating the Record of Processing Activities (RoPA)

    GDPR requires companies to document their data processing activities in a record of processing activities.

    • Example: A digital marketing company keeps an updated record of its advertising campaigns, specifying what personal data is collected (emails, purchase preferences), who has access to it, and how long it is retained.
    • Example: A hospital maintains a detailed record documenting the purpose of processing medical data, the security measures in place, and which personnel categories can access it.

    2. Implementing Data Protection Policies

    Organizations must establish clear policies on data management and ensure that all employees are aware of them.

    • Example: A bank has an internal data protection policy outlining strict rules on how employees can access customers’ financial data and the procedures to follow in case of a security breach.
    • Example: An e-commerce company implements a user data processing policy, ensuring that credit card data is encrypted and that customers can easily request data deletion.

    3. Conducting Data Protection Impact Assessments (DPIA)

    DPIAs are mandatory when data processing is likely to result in a high risk to individuals’ rights and freedoms.

    • Example: A video surveillance company installing facial recognition cameras conducts a DPIA to evaluate privacy risks and define appropriate mitigation measures.
    • Example: A social media platform launching a new AI-based profiling system carries out a DPIA to assess its impact on user rights.

    4. Appointing a Data Protection Officer (DPO)

    Organizations must designate a Data Protection Officer (DPO) if they process large-scale or sensitive personal data.

    • Example: A healthcare provider handling sensitive patient information appoints a DPO to monitor GDPR compliance and advise on security measures.
    • Example: A software company developing biometric data processing solutions hires a DPO to oversee its data protection practices.

    5. Training Employees on Data Protection

    Accountability also requires educating employees about security and data protection best practices.

    • Example: An IT company organizes annual training sessions for its staff on phishing, secure password management, and corporate data protection.
    • Example: A financial institution introduces periodic security tests to ensure employees can recognize phishing emails and follow proper security protocols.

    6. Prompt Notification of Data Breaches

    GDPR mandates that data breaches must be reported to authorities within 72 hours, and in some cases, affected individuals must also be informed.

    • Example: A mobile banking app detects unauthorized access to customer accounts and sends immediate notifications to users, advising them to change their login credentials.
    • Example: A telecommunications company, after experiencing a cyberattack that compromised thousands of customer records, notifies the Data Protection Authority within the required timeframe and directly contacts affected users.

    Adequate technical and organizational measures

    What Does “Adequate Security Measures” Mean in GDPR?

    Under the General Data Protection Regulation (GDPR), the concept of adequate security measures refers to implementing safeguards that are proportionate to the risks associated with processing personal data.

    Article 32 of the GDPR states that companies must adopt security measures considering:

    • The state of the art in cybersecurity.
    • The cost of implementation of security measures.
    • The nature, scope, context, and purpose of data processing.
    • The risks posed to individuals’ rights and freedoms in the event of a data breach.

    This means there is no one-size-fits-all solution—security measures should be scalable and tailored to the type of data being processed and the associated threats.

    Risk Assessment: The First Step to Adequate Security

    Before implementing security measures, a company must conduct a risk assessment to identify threats and vulnerabilities in its IT systems. This evaluation typically includes:

    • Identifying the types of data processed (e.g., sensitive data like medical or financial records).
    • Analyzing potential threats (hackers, malware, unauthorized access).
    • Assessing internal vulnerabilities (e.g., weak passwords, outdated software).
    • Evaluating the potential impact of a breach (identity theft, reputational damage, fines).

    Examples of GDPR-Compliant Security Measures

    Depending on the company’s size and the type of data handled, security measures can vary. Here’s an overview of key solutions:

    1. Data Encryption: Protecting Sensitive Information

    Encryption ensures that data remains unreadable without a decryption key.

    • Small business: A law firm encrypts client documents using full-disk encryption on company laptops.
    • Large corporation: A bank applies AES 256-bit encryption to secure online transactions and customer credentials.

    2. Access Control: Restricting Who Can View Data

    Limiting data access to authorized personnel reduces the risk of data leaks.

    • Small business: An e-commerce company uses multi-factor authentication (MFA) to ensure only authorized employees can access customer data.
    • Large corporation: A hospital implements a role-based access control (RBAC) system, allowing doctors to access medical records but limiting administrative staff to billing information.

    3. Threat Monitoring and Detection

    Implementing monitoring systems helps detect suspicious activity or unauthorized access attempts.

    • Small business: A consulting firm uses a next-generation firewall and intrusion detection system (IDS) to protect business data.
    • Large corporation: A multinational company deploys a Security Information and Event Management (SIEM) system to collect and analyze system logs for potential anomalies.

    4. Backup and Disaster Recovery: Ensuring Data Availability

    Having data backups ensures that information can be restored in case of cyberattacks or system failures.

    • Small business: A dental clinic performs automated cloud backups every 24 hours to protect patient records.
    • Large corporation: An airline uses a disaster recovery strategy with real-time data replication across multiple global servers.

    5. Pseudonymization: Separating Personal Data from Identifiers

    Pseudonymization reduces privacy risks by replacing identifying data with artificial identifiers.

    • Small business: An online survey platform assigns anonymous ID numbers instead of user names to reduce the risk in case of a breach.
    • Large corporation: A medical research institute stores genetic data using unique identifiers, ensuring that it cannot be directly linked to an individual.
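
    Both pseudonymization passages in this article describe replacing identifying data with artificial identifiers. The Python code below is an added example, not part of the original article: it derives pseudonyms with a keyed HMAC, splits each record into a research copy and a separately stored re-identification entry, and shows why an unkeyed hash of a known identifier offers no such separation. The field names, sample records and function names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

DIRECT_IDENTIFIERS = ("name", "email")  # assumed field names for this example


def pseudonym(key: bytes, identifier: str) -> str:
    """Keyed, deterministic pseudonym: HMAC-SHA256 over the normalized identifier."""
    normalized = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:32]


def unkeyed_hash(identifier: str) -> str:
    """Plain SHA-256, shown only for comparison: anyone can recompute it."""
    normalized = identifier.strip().lower().encode("utf-8")
    return hashlib.sha256(normalized).hexdigest()[:32]


def split_record(key: bytes, record: dict) -> tuple[dict, dict]:
    """Split one record into (research copy, re-identification entry).

    The research copy carries the pseudonym and no direct identifiers.
    The re-identification entry is the additional information that must be
    stored separately, under stricter access control than the research copy.
    """
    pid = pseudonym(key, record["email"])
    research = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    research["subject_id"] = pid
    reident = {"subject_id": pid, **{k: record[k] for k in DIRECT_IDENTIFIERS}}
    return research, reident


def guessable(token: str, candidates: list[str], fn) -> str | None:
    """Return the candidate identifier that reproduces `token` under `fn`, if any.

    Models what a party holding only the research copy can link using a list
    of identifiers it already knows (for example, a mailing list).
    """
    for candidate in candidates:
        if hmac.compare_digest(fn(candidate), token):
            return candidate
    return None


# Constructed sample data, not real people.
KEY = secrets.token_bytes(32)  # in production: held in a KMS/HSM, not beside the data
RECORDS = [
    {"name": "Ada Example", "email": "Ada@example.org", "blood_pressure": "128/82"},
    {"name": "Ada Example", "email": "ada@example.org ", "blood_pressure": "131/85"},
    {"name": "Bo Sample", "email": "bo@example.org", "blood_pressure": "117/76"},
]

if __name__ == "__main__":
    for rec in RECORDS:
        research, _ = split_record(KEY, rec)
        print(research)
```

    Rotating or destroying the key breaks the link between pseudonyms and people, so key custody and the re-identification table belong in the access-control and backup planning described elsewhere in this article.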

    6. Incident Response Plans: Being Prepared for Data Breaches

    GDPR requires companies to report data breaches to authorities within 72 hours.

    • Large corporation: A telecommunications company has a Cybersecurity Incident Response Team (CSIRT) that immediately reacts to cyberattacks, mitigates damage, and notifies affected users.
    • Small business: An online retailer suffers a cyberattack and follows its data breach notification protocol, informing both customers and the Data Protection Authority.

    Processing must implement security measures

    Organizations are required to ensure that any processing of personal data implements appropriate security measures. 

    This means that security is not something that can only be considered at the beginning of a project or during the design of a system, but must be integrated into every phase of the data lifecycle. The European regulation emphasizes that companies must consider the context and purposes of the processing and take into account the state of the art when deciding which measures to take.

    Measures may include adopting security policies, training staff, implementing advanced technological solutions and creating processes to manage data breaches. This proactive approach is essential to maintaining GDPR compliance and protecting data effectively.

    In summary, the GDPR and cybersecurity are closely linked. While cybersecurity is not the sole focus of the GDPR, it is clear that the regulation requires organizations to take appropriate technical and organizational measures to protect personal data. 

    This requires a continuous commitment by companies to assess risks, adopt best practices and ensure an adequate level of security to prevent unauthorized access and other threats. In an increasingly digital world, data protection is not just a matter of regulatory compliance, but is also fundamental to safeguarding the rights and freedoms of natural persons. 

    Frequently asked questions

    What is GDPR and how does it affect cybersecurity?
    The GDPR is a European regulation that establishes rules for the protection of personal data. It requires the adoption of IT security measures to protect such data.

    Is cybersecurity excluded from the GDPR?
    No, cybersecurity is not excluded from the GDPR. Indeed, the GDPR requires the adoption of adequate technical and organizational measures to guarantee data security.

    What are appropriate technical and organizational measures?
    They are practices and tools adopted by companies to ensure that personal data is processed securely, taking into account the state of the art and risks.

    Does GDPR require data encryption?
    The GDPR does not explicitly require encryption, but considers it a useful measure in many cases to protect personal data.

    How do you demonstrate GDPR compliance?
    Through the principle of accountability, which requires documenting and demonstrating the adoption of security measures appropriate to the context and purposes of data processing.

    What is the role of data processing in the GDPR?
    Data processing is any operation performed on personal data. The GDPR requires that all processing is secure and compliant with the rules of the regulation.

    What does “adequate level of security” mean?
    It means adopting security measures proportionate to the risk associated with data processing, also considering the context and purposes of the processing.

    Does GDPR only apply to large companies?
    No, the GDPR applies to all organisations, regardless of size, that process the personal data of EU citizens.

    How are data breaches handled under the GDPR?
    Breaches must be reported to the competent authorities within 72 hours and, in some cases, to the affected individuals.

    Does the GDPR require the use of advanced technologies?
    The GDPR requires that the security measures adopted are appropriate, taking into account the state of the art, but does not specify particular technologies.
