Is your business prepared for this time next year?
Today marks one year to the day until the General Data Protection Regulation (GDPR) comes into force.
GDPR requires that both organisations based in the EU and those offering goods or services within the EU have an appropriate governance framework in place when they collect and process personal data. The legislation will also see significant changes for organisations that monitor or process EU citizens’ personal data. It will apply in the UK regardless of whether Britain exits the EU or not.
By this day next year, firms must be 100% compliant with the new regulations across the board – and there will be no exceptions.
GDPR aims to radically change the way organisations manage their own data and their customers’ data by implementing data protection by design and by default. The regulation will see a single Supervisory Authority administer and enforce a company’s data protection compliance across the EU, with severe penalties for failure to comply.
Under GDPR, any breach where a company has failed to adopt reasonable security measures, or any failure to report a data breach within 72 hours of discovery, can result in fines of up to €20 million or 4% of global annual turnover, whichever is greater. The fine will depend on the type of breach and its impact on the privacy of the data subjects and their information.
With flexible working and BYOD growing in popularity among UK businesses, companies are seeing their attack surface grow – leaving IT teams with the challenge of extending their security perimeter to protect business and customer data wherever staff are, on whatever device they’re using.
What’s more, in light of this month’s devastating WannaCry attack hitting businesses across the globe, it’s clear that no organisation is safe – whether from a direct attack or as collateral damage.
“With GDPR fast approaching, along with its threat of huge fines, companies now need to comprehensively prepare for breaches. This applies not only for the technical response to it, but also for dealing with regulator, customer and media concerns quickly,” says Jean-Frederic Karcher, Head of Security at Maintel.
“Even with the strongest protection defences in the world, you can’t count on not losing data. However, you can understand how attacks occur, what types of data are at a greater risk and how to lessen the blow. By planning, identifying and defending vulnerability now, firms can still make the May 2018 GDPR compliance deadline.”
To read our eight recommendations for preparing for GDPR, visit our blog here.