It’s one of the hot topics of the business world right now. 90 days from now, the General Data Protection Regulation, better known as GDPR, will significantly change the data protection landscape when the compliance deadline kicks in.
As technology has advanced and traditional ways of handling customer data have been transformed, a shift in legislation is taking place to support the digital world. Governed out of Brussels, the new directive is being introduced ‘to give companies greater responsibility of the ways in which they hold consumer data and how they use it’.
In a recent survey of British businesses, 72% said that they actively dealt with personal customer data, suggesting that a vast majority of UK organizations could be accountable under these new rules. For many large corporations, long-standing compliance infrastructures will already be in place and future GDPR planning will have been addressed some time ago. But for smaller companies, without the strength of a large IT team, what are the key areas of the GDPR act to address?
The first significant area of focus is the accountability of consumer data. If your business uses mobile devices such as phones and tablets, it’s worth evaluating what level of data passes through these, such as customer emails and databases. Regulation-compliant technology such as Device Management is a key investment to keep on top of data and ensure compliant practice. Addressing protection levels against the growing threat of cyber attacks is another key step. Questions you should be asking are ‘what cyber security measures do we currently have in place?’ and ‘do these secure all our business connections?’.
Knowing the key processes is important to maintaining a compliant business. For example, if a business is subject to a data breach, you will have to report the information to both the ICO and subjects within 72 hours. You only have to look at the potential financial penalties to know that the EU mean business with data protection. If a company were to lose personal customer data in a hack, for example, they could be liable for a fine of up to €20m or 4% of annual turnover, whichever is greater.
However, whilst some might focus on the negatives of the financial penalties at stake, the outlook for compliant businesses can only really be positive. With the secure management of consumer information comes greater trust from clients and a future-proof company in data compliance.
If you want to evaluate your current compliance levels, Garnell provide free, no-obligation GDPR audits.