The Equifax Hack, GDPR, and VL OMNI’s Move Towards GDPR Compliance


Yet another hack is being splashed across media outlets: Equifax will go down in history as one of the worst data breaches of our time. Joining the likes of Target, Yahoo, Sony, and many more, the Equifax breach leaves consumers wondering how exposed their data is, and where to turn next.

It’s the latter part of that last statement that’s particularly worrisome: time and time again, data breaches leave users vulnerable and confused. Searches for ‘is my data at risk?’ always spike in search engines after these breaches, which, on the surface, makes complete sense. But dig a little deeper into the why behind the ‘is my data at risk?’ search, and you’ll see that people aren’t sure when they last used the service, and if they no longer use it anymore, if their data was still in the breached system.

It all comes back to data security — and having an emergency plan

The unfortunate reality of our highly interconnected and digital world is that data breaches are a part of our world — or, that’s at least how things are for now. Data security and risk management in the event of a breach have clearly been on regulatory bodies’ minds: there are well-known regulatory gaps in how corporations store, manage, and secure customer data that ultimately leaves it vulnerable and exposed.

So where did Equifax fall short?: “The company doesn’t face the constant monitoring and auditing that help strengthen banks’ systems and data protections”. Simply (and shockingly), Equifax was in a regulatory grey area. Not quite a bank but storing important consumer financial data and more, Equifax wasn’t being held to any standards on data security or risk management.

And the results have been harrowing. The Equifax data breach compromises nearly half of the American population’s social security numbers, credit card numbers, personal information and confidential information.

And it gets worse: aside from the “one job” Equifax had in protecting highly sensitive personal data, their instructions to those who may have had their personal information exposed are severely lacking. Not only weren’t safeguards and protections put in place to prevent a breach like this from happening, Equifax clearly does not have an adequate risk management plan for an event like this. check out this article (Instead media outlets have taken up the charge: if you think your data was breached, on what to do next.)

Moving into the Reality of Data Protection: GDPR as the New Standard

In Canada, we have CASL and other regulations. In the US, they have HIPA and others. But neither of these digital regulations and protectionary clauses come close to what the European Union is looking to bring into enforcement next spring. Learn more about GDPR from Statement. Agency, a specialist Shopify eCommerce agency, with offices across the North of the UK, dedicated to creating online stores that not only look good but also sell more and one of VL’s Partners.

Introducing the EU General Data Protection Regulation (GDPR).

GDPR is the most important change in data privacy regulation in past 20 years and will come into act on May 25, 2018. This legislation not only has teeth (violators can be fined 4% of annual global revenue or €20 million for non-compliance — whichever amounts to more), it looks to lock down key areas of weakness for businesses dealing with data that can be traced back to a living, breathing person. GDPR also forces businesses storing, using, or otherwise touching the data of individuals in the EU to have a comprehensive plan for if things go awry. 

In short, all businesses who collect, store, and/or process any data relating to an individual in the EU must be secure. This data can be anything from a name, photo, banking details, and more. Businesses who are looking to be (or need to be) compliant with GDPR by May 2018 need to undertake data mapping — including any third parties that have access to that data — to expose compliance obligations. Documentation is key: data flow mappings and the resulting risk management plans need to be comprehensive and detailed, and available in case of a breach or hack.

Ultimately, Equifax definitely would not meet the burden of requirement GDPR is asking for. One can only guess if things would have been different if GDPR was already enforced — and if other countries around the globe had similar regulation in place to prevent mass breaches like it.


Without getting too technical, VL OMNI and our VL OMNI Dashboard fall under the umbrella of needing to be GDPR compliant, as we both work with EU customers and EU individuals’ data in our integrations and automations.

While we’re already highly secure and well-steeled against any data breaches or hacks, we both see the value in and are required to be compliant with GDPR by May of 2018. VL has already started in on becoming GDPR Compliant; come May 2018, you will notice some changes to our Privacy Policy page on our website, as well as to our contracts and other legal documents (which will outline that it is our responsibility to ensure we are fully GDPR compliant on behalf of our customers).

So what does this mean for current and future customers of VL and VL OMNI? Not only do you have best-of-breed data integration that’s agile, scalable, and strategically matched to your business’ objectives, you’ll also be able to rest comfortably knowing that your data is locked down tight and protected at all times.

Learn More About VL OMNI

Get Started Today