This time last year GDPR (or General Data Protection Regulation) was an acronym giving owners, executives and employees of businesses of all sizes – from start-ups to multinationals – many a sleepless night.
The date of 25th May 2018 – almost one year ago to the day – became ingrained in businesses’ thinking; this was the date GDPR (with all its potential ramifications and penalties for those not adhering to the new legislation) would come into effect.
The date came and went and, relatively speaking, the noise that had grown to a crescendo as the implementation date loomed and arrived died down.
However, any business assuming that GDPR has been and gone would be mistaken.
GDPR was never meant to be a flash in the pan that required businesses to make a single gesture of conformity. It was – and is – about a journey aiming to protect the data of individuals.
And in an age where a person’s data becomes ever more complex and ever more dangerous in the wrong hands, the scrutiny that businesses come under from the Information Commissioner’s Office (ICO) is only going to go one way.
That’s bad news for those that are not compliant and do not have robust policies/procedures in place.
Here are just a few of the reasons why your business needs to consider whether it is doing all it can to protect the data it holds on individuals:
Earlier this year Google was fined $57m (£44m). The maximum that the ICO can fine is €20m (£17.5m) or 4% of global turnover. Of course, these are extreme examples – and it’s important to remember that GDPR is not meant to scare businesses into protecting their data, but rather to encourage and reinforce the responsibilities we all share to make sure sensitive information doesn’t fall into the wrong hands. That being said, it’s never been more important to implement changes within your business to better safeguard data and prevent fines.
Given the intense media focus on GDPR and the GDPR-related privacy notice updates customers have received, consumers and the general public as a whole are switched on to GDPR and, importantly, recognise a potential breach and a misuse of their personal data when they see it. GDPR isn’t corporate jargon; it’s widely recognised, and businesses that fall short may find themselves the subject of a ‘Data Subject Access Request’, where the public can request to see all of the data you hold on them. How have you been managing these requests? Do you have an efficient procedure in place should you receive one?
Procedures to Technology
GDPR needs to be at the forefront of a business’s mind and not seen as a one-off tick-box exercise. That’s because as technology and digital capabilities evolve, so too do the threats posed by cybercriminals. Loss of data is a breach of GDPR, irrespective of the method used. Businesses need to ensure they are up to speed with digital security developments and that their processes are adapted and modified accordingly.
RDS Global is trusted by 4,000 users across the UK and specialises in Cyber Security and GDPR Consultancy. We can offer your business a full, comprehensive data security audit to give you peace of mind, safe in the knowledge that we can help ensure your practices and processes for storing and processing data are up to date, compliant and in line with GDPR guidelines.