Data Security – Makes Sure you are GDPR Ready
The General Data Protection Regulation (GDPR) applies in the UK from 25 May 2018. It is the biggest change to UK data privacy law for 20 years and creates a single set of rules protecting the personal data of everyone in the EU. Designed to give people more control over their data, GDPR is a challenge for organisations, which must bring their data protection policies and practices into line with the regulation. ALL organisations must review how they manage personal data, and those that fail to meet GDPR requirements face heavy fines.
Recent research by the Federation of Small Businesses shows that over a third of small businesses have not started preparing for GDPR, and many believe the new rules do not affect them. That is not the case: GDPR affects EVERY organisation that handles personal data, and whatever happens with Brexit the UK must still comply. Failure to do so can attract a fine of up to 4% of annual worldwide turnover or 20 million Euros, whichever is higher.
Given the size of the potential fines, GDPR is also an opportunity for firms to improve their IT security. With recent, highly publicised malware and ransomware attacks on organisations, data security has become one of the biggest challenges facing IT departments, and many organisations list improving security as their IT department's main priority for the next 12 months. Under GDPR, a personal data breach that is likely to result in a risk to individuals must be reported to the supervisory authority (the ICO in the UK) within 72 hours of the organisation becoming aware of it, and the affected individuals must be told without undue delay where the risk to them is high. Currently only 18% of companies feel they have a procedure in place that would allow them to do so. Simple steps like installing a firewall or using two-factor authentication help protect your business not only from cyber-attacks but also from falling foul of the new rules. As many as 1 in 5 employees will unwittingly open and click a malicious email, which is a common starting point for a data breach; with the right software and staff training in place this risk can be greatly reduced, though not eliminated.
Top 10 GDPR Facts
1. It’s the biggest shake up of rules surrounding Data Protection for 20 years.
2. You can’t just ignore GDPR – it’s a regulation that applies to all organisations, irrespective of size or sector.
3. You could face fines of up to 20 million Euros or 4% of your annual worldwide turnover, whichever is higher.
4. Brexit does not affect it – the UK is committed to it whatever the outcome.
5. Where you rely on consent to process personal data, that consent must be freely given, specific, informed and unambiguous; pre-ticked boxes and silence no longer count.
6. You can’t “outsource” the requirements (Data Controllers AND Data Processors have direct obligations).
7. You need a clear process for managing personal data breach incidents; a breach must be reported to the supervisory authority within 72 hours of becoming aware of it unless it is unlikely to result in a risk to individuals.
8. You’ll need to decide whether you must appoint a Data Protection Officer (mandatory for public authorities and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special category data) and who that will be – you can appoint a third party.
9. Encryption is key to keeping your data safe; GDPR names it explicitly as an appropriate security measure, and encrypted data that is lost or stolen may not have to be notified to the affected individuals.
10. Brash recommend a firewall as the minimum protection every organisation should have in place.
Brash can help you with any aspect of GDPR, be it talking you through the facts, offering simple advice, or putting in place the right technology to protect your data and your organisation.