GDPR came into law on May 25th this year, following a build-up that seemed to add to the confusion and perception of complexity rather than help organisations find their path to compliance. And whatever processes you've put in place, you can check that you've got the key steps covered with our helpful assessment.
Do you know how compliant you are? Are you ready to handle any GDPR compliance problems? Take the assessment now and find out!
What is GDPR?
EU companies need to have strong data protection policies in place to protect client data. If companies fail to meet this standard they will face fines of up to 4% of their turnover. To put this into perspective, if the GDPR had been in operation during Tesco Bank’s breach they would have faced a whopping fine of £1.9 billion!
But what about Brexit… we won’t be part of the EU?
Britain’s decision to leave the EU is not a get-out clause for GDPR. Britain must comply with the GDPR legislation when operating within the EU.
Matt Hancock, the Minister of Digital and Culture, stated that the GDPR has been implemented within the UK because it is a “decent piece of legislation due to significant UK negotiating successes during its development”.
What do you need to do?
Despite the plethora of web space dedicated to the GDPR, there remains confusion and uncertainty amongst businesses and customers. Many companies have taken steps to ensure their data security remains compliant in a way that works for their processes and procedures, whether that's increasing the security around infrastructure that handles data, amending security policies, or reviewing and reorganising the data they hold. Businesses should continue to focus their efforts on storage, governance, response and recovery.
What you shouldn't do is play ignorant and assume you are immune from a data breach, or that any accidental breaches of GDPR will not be picked up. The consequences of falling foul of GDPR are too significant.
With an increasing number of organisations storing data in the cloud, how data is stored is a core focus of this new legislation. By storing data in the cloud, companies are handing over control of how the data is stored, protected, and accessed. With little visibility of how these actions are carried out, organisations are putting a lot of trust in their service providers. However, if companies are still unable to answer questions like 'where is your data stored?', 'who accesses this data?' and 'how is it protected?', they can face hefty fines, as this will no longer be the responsibility of the storage providers.
One of the most painful areas of GDPR for businesses is that customers and ISO authorities can ask for a data audit trail at any time. This means companies need to create and keep records of when data was retrieved, who gave permission for the data to be stored, who has accessed the data, and each point the data was shared. This means that all companies, no matter the size, need to have systems that are robust enough to keep up with these data demands.
If a company’s data is compromised and customers’ details become vulnerable, the focus is on how the company responds. In the past companies have been known to sweep security breaches under the carpet, but this is no longer acceptable. Protecting customers’ data is a crucial part of GDPR. The speed with which a breach is identified and reported is a key part of the GDPR, with organisations needing to report the breach within 72 hours of discovery.
Once a breach has happened, communication with the authorities will be ongoing; companies are no longer able to take a laissez-faire attitude to dealing with the breach. All lost data needs to be managed appropriately, and those whose data has been made vulnerable must be kept regularly informed.
The ultimate takeaway is that what happens to the data companies store, wherever it is stored, is now completely their responsibility.
You can find out more about the most significant threats to data in light of GDPR in our blog article here.
If you have security concerns, talk to one of our experts today or register for your free cyber security assessment*.
*Subject to qualification via phone call, 4 hours with an ACE qualified practitioner, new customers only. T&Cs apply.