What would a fine of €20 million ($25 million) or 4% of your group's global turnover, whichever is higher, mean to
your company?
Closure? Lay-offs? Shareholders
walking away? Worse?
Well, fines of that size are what GDPR brings for your business from May – so if you're based in
the EU, or you have any customers, freelancers or business connections in the
EU (even just one), then you might want to read on about why your IT security
is going to be more important than ever before…
What is GDPR?
GDPR is short for ‘General Data
Protection Regulation’ – a set of rules drawn up by the European
Union over roughly the last four years. Unlike the 1995 Data Protection Directive it replaces,
it is a regulation: it applies directly in every EU member state from 25 May 2018 without
having to be written into national law, although each country passes its own supporting
legislation (the UK's Data Protection Act 2018, for example) to fill in the details the
regulation leaves to member states.
Why has GDPR been created?
These new data protection rules
have been created because personal data is now used in very different ways from
when the previous data protection laws were written. For many
EU countries, those laws were last visited and revised around
20 years ago, with the 1995 Data Protection Directive – obviously well before Google, Facebook and our use of
smartphones.
At that stage, it was impossible
to consider how
our data would be collected and used – after all, 20 years ago most countries had only 10% of domestic
properties connected to the internet. Now, that figure is more like 90% – and
the average person has in excess of 25 online accounts – between email, social
media, shopping sites and many more.
What does GDPR mean for businesses?
There are some big changes to business
practices that are going to be required by GDPR – with the biggest changes seen
in the following areas:
- Knowing what data you hold and why you hold it
- The structured management of your data
- Being aware of who in your business is responsible for data
- Educating staff about changing security requirements
- Understanding reporting structures and timescales
A significant change is the way
that you will need to evidence your practices. In the past, there was little need
to report on data protection unless a data breach occurred;
now the regulation's accountability principle requires you to be able to demonstrate
compliance at any time, whether or not data is in danger. A breach that puts people at risk
must also be reported to your supervisory authority within 72 hours of your becoming aware of it.
What if you’re outside the EU?
You might be breathing a sigh of relief at
the moment if your business is based outside the EU – perhaps even if you’re in
the UK – knowing that Brexit will soon see the country severed from many EU
laws.
Well, I’m sorry to tell you that it’s not
going to be that easy! GDPR applies to personal data about people in the EU whenever you offer
them goods or services or monitor their behaviour, regardless of where your business is based
(Article 3 of the regulation sets this territorial scope) – so even a US company with EU
customers must hold that data under the same safeguards.
No escape for the UK post-Brexit either:
the UK’s Information Commissioner’s Office
(ICO) has already confirmed that the UK will continue to abide by the
regulation, regardless of any deal struck as its exit from the EU comes into
effect.
What does GDPR mean for your IT technology?
For most companies, data is held primarily
on their IT networks and applications – hence, IT security is under the
spotlight.
The best way to consider your IT data
security is to ask some questions – not unlike the questions that GDPR will be
asking:
“What data do we hold? And how did we get that data?”
If you hold personal data it’s now
important to understand what it is, why you’ve got it and where it’s kept.
What’s more, it’s vital that you ask
questions of the ‘opt-in’ procedures that led to you holding that data – do
customers know what you hold about them? Do those earlier opt-in procedures
meet the new GDPR rules, under which consent must be freely given, specific, informed and
unambiguous (a pre-ticked box or silence does not count)? If not, you won’t be able to continue
to use the data post-GDPR without fresh consent from your customers, or another lawful basis
for holding it.
“What do we do if someone wants to see their data?”
At the moment, customers can request the
information you hold about them – and you can charge a small admin fee for the
work needed to collect that information. With GDPR this is no longer going to
be the case: the information must normally be provided free of charge, within one month of the
request. Customers have the right to access, correct or even have their data
entirely deleted should they wish.
So, the question is – do you have the
measures in place to make sure you could access a customer’s data quickly and
completely?
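As an added example that is not part of the original article, the script below puts the two questions above together: a data inventory that records, for every store, which field identifies a person and why the data is held (the "what do we hold and why" question), plus handlers for access, correction and erasure requests that work across every inventoried store and write an audit trail you can show a regulator. The three stores, the records in them and the inventory entries are all constructed sample data; the rule that erasure removes consent-based records and reports contract-based ones as retained is a simplification standing in for your own retention policy, not something the article or the regulation spells out in that form.

```python
"""Added example: a minimal data-subject request handler over a constructed
in-memory data inventory. Store names, records and the retention rule are
assumptions for illustration, not taken from the article."""
import json
from datetime import datetime, timezone

# Constructed sample data: what a small business might hold about two people,
# spread across three hypothetical systems keyed loosely by e-mail address.
STORES = {
    "crm": [
        {"id": 1, "email": "ana@example.com", "name": "Ana", "phone": "+34600000001"},
        {"id": 2, "email": "bob@example.com", "name": "Bob", "phone": None},
    ],
    "orders": [
        {"id": 10, "customer_email": "ana@example.com", "total": 42.0},
        {"id": 11, "customer_email": "ana@example.com", "total": 9.5},
    ],
    "newsletter": [
        {"email": "bob@example.com", "consented_at": "2017-03-01T10:00:00Z", "source": "web form"},
    ],
}

# The inventory: every store must state which field identifies the subject,
# why the data is held and on what lawful basis. A store missing from here is
# a store you cannot answer for.
INVENTORY = {
    "crm": {"subject_field": "email", "purpose": "customer contact", "basis": "contract"},
    "orders": {"subject_field": "customer_email", "purpose": "order fulfilment", "basis": "contract"},
    "newsletter": {"subject_field": "email", "purpose": "marketing", "basis": "consent"},
}

AUDIT_LOG = []  # append-only record of every request handled, for evidencing compliance


def _audit(action, subject, detail):
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "action": action, "subject": subject, "detail": detail})


def check_inventory(stores=STORES, inventory=INVENTORY):
    """Return stores that hold data but have no inventory entry, i.e. data with no stated purpose."""
    return sorted(set(stores) - set(inventory))


def find_subject(subject_email, stores=STORES, inventory=INVENTORY):
    """Locate every record about one person across all inventoried stores (case-insensitive on e-mail)."""
    wanted = subject_email.lower()
    found = {}
    for name, meta in inventory.items():
        key = meta["subject_field"]
        hits = [r for r in stores.get(name, []) if (r.get(key) or "").lower() == wanted]
        if hits:
            found[name] = hits
    return found


def export_subject(subject_email, stores=STORES, inventory=INVENTORY):
    """Access request (Art. 15): the records plus purpose and lawful basis per store."""
    found = find_subject(subject_email, stores, inventory)
    report = {name: {"purpose": inventory[name]["purpose"],
                     "basis": inventory[name]["basis"],
                     "records": recs} for name, recs in found.items()}
    _audit("export", subject_email, {"stores": sorted(found)})
    return report


def rectify_subject(subject_email, store, field_name, new_value, stores=STORES, inventory=INVENTORY):
    """Rectification request (Art. 16): correct one field in every matching record of one store."""
    changed = 0
    for rec in find_subject(subject_email, stores, inventory).get(store, []):
        if field_name in rec:
            rec[field_name] = new_value  # records are the live objects, so this edits the store
            changed += 1
    _audit("rectify", subject_email, {"store": store, "field": field_name, "changed": changed})
    return changed


def erase_subject(subject_email, stores=STORES, inventory=INVENTORY):
    """Erasure request (Art. 17). Assumed rule: consent-based records are deleted;
    records held under a contract are retained and reported so the subject is told why."""
    removed, retained = {}, {}
    for name, recs in find_subject(subject_email, stores, inventory).items():
        if inventory[name]["basis"] == "consent":
            stores[name] = [r for r in stores[name] if r not in recs]
            removed[name] = len(recs)
        else:
            retained[name] = inventory[name]["basis"]
    _audit("erase", subject_email, {"removed": removed, "retained": retained})
    return {"removed": removed, "retained": retained}


if __name__ == "__main__":
    print("uninventoried stores:", check_inventory())
    print(json.dumps(export_subject("ana@example.com"), indent=2))
    print(erase_subject("bob@example.com"))
    print(json.dumps(AUDIT_LOG, indent=2))
```

The point of `check_inventory` is that a request can only be answered "quickly and completely" if there is no store the inventory does not know about; run it before you trust the output of `export_subject`. In a real system the stores would be database queries and the audit log a write-once table, but the shape is the same: one identifier in, every record about that person out, and a dated record of what was done.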
“Is our hardware appropriately protected?”
Modern IT networks can be extremely complex
– not least because many of us have got into the habit of using our own
devices on business networks. It’s now fairly common for a small
business’s network to be a ‘hybrid’ that involves a variety of connections to
the wider world – including 4G mobile devices.
Unless you’ve got dedicated in-house
support for your IT infrastructure, it can be difficult to administer everything
to a consistent standard. For smaller businesses, having a managed service
provider with an understanding of GDPR on board will help keep your hardware and
applications protected against security breaches, and keep the evidence that they are.
Larger companies – especially those with
multiple sites – might look to gain more control over their IT infrastructure
with a centralised SD-WAN solution, especially if the person administering those
WAN controls works closely with a data protection officer.
What’s the next step for you?
At this stage, it’s important to realise
you should act sooner rather than later where GDPR is concerned. The regulation
applies across the EU from 25 May 2018 – and with a
significant number of questions to ask of your policies, practices, networks,
websites and employees, there’s really no time to lose.
Remember, being protected isn’t enough
anymore – you’ve got to be ready to evidence exactly how you’ve protected your
sensitive personal data – and you’ve got to be able to do it quickly and accurately.