A recent survey carried out by Dell and published by Fortune showed that 80% of the companies surveyed have no plans in place to comply with the GDPR (General Data Protection Regulation). What’s unclear is why companies are not reacting to the impact the GDPR will have on the way they hold, store and use data. Some companies may not have heard of the changes, whilst others may be complacent following the UK’s decision to leave the EU, believing that it will no longer apply to them.
Unfortunately, companies hoping that Brexit means GDPR avoidance are likely to be disappointed. National borders and individual countries’ own legal systems aren’t recognised in this new age of global data storage. The GDPR will apply to ANY country processing EU data. What matters is not where the data is held, but whom the data is about.
The good news is that it’s still not too late to take action. The regulations come into force in May 2018, so there’s still plenty of time for organisations to get their house in order.
So what do I need to do now?
The ICO has provided a 12-step plan to help organisations prepare for the GDPR, and it can be found here.
Essentially though, every organisation should:
- Understand what data they store
- Identify all areas where that data is stored – including backups, local storage and even historic paper files
- Identify how this data is protected
- Document this in a formal risk assessment
- Identify if indeed the data needs to be kept at all
Irrespective of the GDPR, all organisations should be concerned about security. Cyber-crime is big business, and the government has now rated it a ‘Tier 1’ threat in its national security strategy. Any security breach can have drastic consequences for your customers and your organisation, and can cause irreparable damage to your brand. Prevention is key.
There is a whole raft of security guidelines and frameworks you can adhere to in order to protect your organisation and minimise the damage caused by security breaches. Depending on the type of organisation you are and the sectors in which you work, these can be implemented to ensure you have the right level of security for your organisation with the minimum amount of disruption to your business-as-usual activities.
At Waterstons we have a dedicated team of data security professionals ready to guide you through the maze of different frameworks and accreditations, to ensure you have the right level of protection for your needs from both a regulatory and a safeguarding perspective. So don’t get spooked! Get some professional advice!