If you haven’t heard of the European Union’s General Data Protection Regulation (GDPR), then you are not alone. Recent survey data shows that more than 60% of the working age adult UK population have not heard of the legislation.
Despite Brexit and the invocation of Article 50 to trigger negotiations on the terms of Britain’s departure from the EU, this forthcoming regulation is being written into UK law.
Key data points in the survey showed:
One of the most significant facts about GDPR is that it allows for fines that go way beyond any previously handed out by the UK ICO (Information Commissioner’s Office) for breaches of the DPA (Data Protection Act). This is certainly something that is set to focus the minds of those in the boardrooms of companies of all sizes that are charged with responsibility for good governance.
For example, the TalkTalk breach, in which the hackers exploited a well-known vulnerability that competent security best practice would have prevented, attracted a fine of £400,000 in October 2016. Under the lower GDPR financial penalty tariff (2% of annual global turnover or €10m, whichever is higher), TalkTalk would have been hit with a penalty more than 9 times greater – £3.68m.
The technical implementation of GDPR is of course something for each business to carry out through its internal IT teams and the external service providers of its choice. However, it doesn’t stop there. There is a significant need to ensure network users observe company security policies and employ best practice to minimise the potential for breaches.
Employers will need to document and demonstrate employees have been trained so that safe GDPR behaviours become embedded. The degree of training provided is set to be a key consideration in determining the scale of any financial penalty that results from a security breach.
GDPR is set to enter into force on 25th May 2018, in just about 14 months’ time. However, there are no quick fixes to compliance. The best approach is a thorough assessment of where a business currently stands on its IT security arrangements, followed by a process to work out how it is going to get to where it needs to be to meet the GDPR standard.
Paralogic helps customers by providing a thorough assessment of where your business currently is with its IT security. From here we work with your team to develop a clear plan of how to get you to where you need to be to achieve compliance with the GDPR standard.
To find out more about how we can help your firm close the gap to GDPR compliance, simply get in touch today.