Can you afford to ignore GDPR?

Data security is critical to both a business and its clients, on both sides of the fence so to speak. High-profile cyber-attacks are constantly in the global news and on the rise. However, not all data breaches are malicious or criminal in nature. Some arise from negligence or ignorance, but regardless of the cause, their impact on a business can be enormous. First to be impacted is the company's reputation, followed by business disruption and various financial effects, including hefty fines.

Introducing GDPR

GDPR is all about the protection of an individual's data that is held by your business. To ensure that businesses take this seriously and put proper steps in place to protect this data, the EU has adopted a new regulation known as the General Data Protection Regulation (GDPR). It will be enforceable from 25 May 2018 and carries significant penalties for any failures of up to €20 million or 4% of business turnover (whichever is the greater).

GDPR contains several provisions:

  • Data cannot be retained if there are no legitimate reasons to do so
  • Legitimate interests will be restricted
  • Data must only be used for the purpose for which it was collected
  • Breaches must be notified within 72 hours
  • Larger organisations will require Data Protection Officers

We are no longer in the EU?

Although this is EU legislation, the UK's Information Commissioner's Office (ICO) is working to align UK legislation with GDPR. With so much business being conducted across borders and data stored in the "cloud" (servers could be in any country, including the US), this is the logical way forward.

What do we have to do?

Many organisations are not going to be compliant with GDPR when it is enforced. GDPR is not just an IT function but a complete business process that everyone in the business needs to be involved in and aware of. Data can be leaked from many different parts of the business, so it is the responsibility of everyone with access to personal data within an organisation to be aware of how they are allowed to handle this data. For example, don't email a spreadsheet to someone unless it is encrypted.

Employees will need education and training, processes will need reviewing and data types, usage and sensitivities will need to be assessed and documented.

Obviously, there is a lot of work to be done to prepare to become compliant, and Colins IT have the resources, experience and knowledge to support your business through this process. Every business is different and has different processes in place. We understand this and work through these to identify weak points and vulnerabilities in both infrastructure and process to get you compliant with GDPR.

Act right now!

GDPR needs to be part of the business management conversation now.

If you are looking for a FREE initial consultation to get you started then ring us today to book in – 0800 10 777 82 or contact us.

If you need a fully guided and supported process or need any help with any stage of the GDPR compliance then please get in touch.

May 2018 is the deadline to be compliant. It is not the start date, so it is important to start the process now.

Talk to one of our GDPR experts today. Call 0800 10 777 82 / 02476 969 946