Assessing the Impact of GDPR
Companies are being urged to review their cyber defences ahead of new EU rules coming into force in 2018. The General Data Protection Regulation (GDPR) will standardise processes around EU countries, making it easier for businesses to trade across the region.
What is the GDPR?
The GDPR lays out stringent guidelines for the handling of personal data by businesses. It also widens the scope of what is classified as ‘personal data’ to include online identifiers, such as IP addresses.
The regulation aims to ensure that businesses implement a level of security that corresponds to the value of the data that they hold. Specific actions that may be appropriate include:
- The encryption and/or pseudonymisation of personal data.
- The ability to ensure the ongoing security and integrity of systems and services that are used to process personal data.
- A process for testing and reviewing the effectiveness of implemented security measures on an ongoing basis.
- The ability to restore the availability of services promptly, in the event of an incident.
As you can see, it’s vital that businesses take the time to review the way in which they handle and secure this data. Also, companies need a robust backup and disaster recovery plan, in case the worst were to happen.
How Might GDPR Impact My Business?
Alongside the new rules, updated reporting requirements and financial penalties are coming into play that could have a significant impact on businesses. If a company suffers a breach that puts personal data at risk, it is required to report the breach to the appropriate supervisory body within 72 hours.
It must also communicate to any affected individuals “without undue delay”. This means that details of a cyber attack could be in the public domain very quickly after being discovered.
Substantial fines are to be imposed on businesses that do not comply with the new regulation. Violations that relate to security or breach notification may be up to 2% of gross company revenue.
For more serious data protection violations (such as consent issues) this figure increases to 4%. And of course, this does not take into account the financial impact of lost customers or reputational damage that could occur in either instance.
Shaping up for GDPR
It’s important that businesses begin to review their handling of personal data and general cyber security strategy immediately. This provides enough time to make any required changes ahead of the regulation start date in early 2018.
It’s important to consider all of the strands that make up your cyber security and data protection processes. This includes physical and virtual security products, employee training and awareness, and backup and disaster recovery. For certain businesses, it may also be a requirement to appoint a Data Protection Officer (DPO).
Working with a security expert, such as TransACT Technology Solutions, can help you to quickly and efficiently audit your current setup and create an improvement action plan. We’ll be covering the different aspects of the GDPR in future posts, but don’t hesitate to contact us today for further support.
GDPR: 12 Step Guide
This 12 Step Guide to preparing for GDPR offers direct advice on what your business needs to achieve.
GET YOUR FREE AUDIT
Report showing recommendations based on your organisation’s AD permissions – critical to support your journey to GDPR compliance
GDPR Specialist Call
45-minute introductory call with a GDPR specialist to discuss the impact of GDPR and the 4 phases to compliance