Could new data laws end up bankrupting your company?
The European Union’s General Data Protection Regulation (GDPR) comes into force in May 2018, radically changing the way organisations have to look after our personal data. Failure to comply could lead to huge fines, yet many businesses are far from ready. Here’s why you should care.
What is GDPR exactly?
A new EU regulation governing how organisations should handle and protect our personal data.
Many of the stipulations are already covered by the UK’s Data Protection Act. Simply put, organisations need to keep records of all personal data, be able to prove that consent was given, and show where the data is going, what it is being used for, and how it is being protected.
Accountability is the new watchword.
If personal data is stolen in a cyber-attack, companies have to report the breach within 72 hours of becoming aware of it.
And the definition of personal data has been extended to include extra categories such as your computer’s IP address or your genetic make-up – anything that could be used to identify you.
Why should businesses care?
Non-compliance with the GDPR could lead to huge fines of 20 million euros or 4% of global turnover, whichever is the greater. For a company like tech giant Apple, that could amount to billions of dollars.
However, a spokesperson for the UK’s Information Commissioner’s Office (ICO) – the body responsible for enforcing GDPR in the UK – says: “The new law equals bigger fines for getting it wrong but it’s important to recognise the business benefits of getting data protection right.
“There is a real opportunity for organisations to present themselves on the basis of how they respect the privacy of individuals – and gain a competitive edge.
“But if your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices when the new law comes in next year, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance.”
Are businesses prepared?
“Many businesses have no idea what to do and don’t want to grasp the nettle,” says Mark Thompson, a partner in KPMG’s privacy advisory practice.
“There’s a lot of misinformation and panic around at the moment, but if businesses don’t take responsibility for this at board level they will fail.
“This will affect every part of their business.”
And Chris Daly, chief executive of the Chartered Institute of Marketing, says: “There is a real lack of awareness about this issue in our sector – 60% thought it wouldn’t affect their business at all.”
GDPR specialist EMW Law believes just 29% of UK businesses have begun preparing for the change, “a shocking figure, as on average organisations need 12-15 months to prepare”, the firm says.
With cyber-attacks on the rise and growing in sophistication, data breaches are becoming almost inevitable. So, will your company be able to demonstrate that it took all reasonable steps to protect personal data from this threat?
Will it be able to show that it reported any breach within the 72-hour window following discovery?
We can help you!
Here at ABC we have recently completed the certification course and examination that allow us to advise on GDPR data protection issues.
We can help ensure that your business is GDPR compliant, put in place all the necessary paperwork, policies and audits, advise you on IT security, and even act as your Data Protection Officer (DPO).
To receive your free “Guide to GDPR” enter your details below, or feel free to contact us here.