Written by Rob Young, Group Managing Director – 7th March 2016
Data security breaches reach an all-time high…
Did you know that every business that holds clients' personal data is legally responsible for keeping it secure? Data protection should be taken very seriously: a major breach can bring regulatory enforcement against the company and, where an offence is committed with a director's consent or connivance, personal criminal liability for that director.
As you are probably aware, large, well-known companies such as TalkTalk, HSBC, Sky TV, Ashley Madison and Uber have recently come under fire over major data security breaches.
Download our useful GDPR checklist
Want to know what your business needs to do before May 2018 in order to be GDPR compliant? One of our certified GDPR consultants has put together 34 questions that you need to consider in order to be compliant.
How secure is your company's data, and why should you worry?
There is a little more to data protection than keeping your business server in a locked room overnight. Have you thought about your cloud-based systems? What about all your business emails, your finance software, and all the paperwork sprawled around the office?
At present, data protection in the UK is regulated by the Data Protection Act 1998, which predates cloud computing and most of today's online services. Within the next two years the new EU General Data Protection Regulation (GDPR) will come into force, and it is due to apply from May 2018. This will be a landmark moment for data protection and privacy, not only in Europe but around the world, because it reaches organisations outside the EU that handle the personal data of people in the EU.
The new regulation will apply to anyone processing the personal data of individuals in the EU (not only EU citizens) and will change the way data is stored and handled within a business environment in the following ways.
- Businesses will be required to report personal data breaches to the supervisory authority within 72 hours of becoming aware of them, unless the breach is unlikely to result in a risk to the individuals affected; breaches that pose a high risk must also be reported to those individuals.
- Many businesses will need to appoint a Data Protection Officer to oversee their data protection setup. The appointment is mandatory for public authorities and for organisations whose core activities involve large-scale, systematic monitoring of individuals or large-scale processing of sensitive data.
- Personal data held within a business must be accurate and kept up to date, and must be retained for no longer than necessary for the purpose it was collected for, after which it must be deleted or anonymised.
- Businesses must be able to demonstrate compliance with the GDPR from the day it applies in May 2018; keeping records of processing activities and of the decisions behind them is how that is done.
- Businesses must have a lawful basis for holding clients' data. Where that basis is consent, the consent must be freely given, specific, informed and unambiguous, and it must be as easy to withdraw as it was to give.
The new regulation will apply to every business that stores the personal data of people in the EU, regardless of its size or where it is based. It also carries a far larger financial penalty for non-compliance than the Data Protection Act 1998, under which the maximum fine is £500,000.
Fines will increase to up to €20 million or 4% of annual global turnover, whichever is higher. By way of comparison, it has been suggested that TalkTalk's recent breach could have attracted a fine of up to £35 million under penalties of that scale.
What can you do to prepare for the new GDPR regulation?
- Carry out a risk assessment of the personal data your business holds: what you have, where it is stored, who can access it and why you need it, so that you understand the risks and can take the appropriate action to improve security.
- Look to appoint a Data Protection Officer. The role can be filled by an external consultant under a service contract rather than an employee.
- Understand the requirements of the EU regulation and how they differ from the current Act, so that you can plan the changes to your processes in good time.
If you found this blog interesting, you may also want to look at our other GDPR-related blogs: ‘7 steps to kick start GDPR Compliance’, ‘The GDPR – what it means for UK businesses’, ‘GDPR and the role of a Data Protection Officer’, and ‘GDPR – what are the penalties for non-compliance?’