Infographic: What is the GDPR and how will it affect you?
Cyber security is one of those issues that lingers in the background. We're all aware of it, but it's not until it's brought to the front of our minds by the media that we start to sit up and take notice. That's what has happened this week, with a newly published report revealing that cyber crime is on the rise and that two-thirds of UK businesses have suffered a breach or cyber attack. That's a big deal, and today we're talking about the consequences of these attacks - hackers getting their hands on sensitive personal information.
We’ve talked a lot about PCI compliance recently, as you’ve probably noticed. Simply put, if your business stores customer credit card details insecurely and those details are exposed by one of the cyber attacks mentioned above, you’ll face hefty fines and other nasty sanctions - which pale in comparison to the potential damage to your brand. But there’s a new regulation in town, and if PCI-DSS was the appetiser, this is very much the main course. We've put together an infographic for those of you who are visually inclined - and you can read more below.
Let's get down to business
The General Data Protection Regulation (GDPR for short) is similar to the PCI standards in that it governs what kind of data can be stored, how it should be stored, and what happens if it’s breached - but there are some key differences. Here’s the big one: whereas the PCI-DSS only covers the security of customer card payment data, the GDPR covers EVERYTHING. Any and all data about an EU citizen, whether it’s their first and last name, address, contact information, or myriad other pieces of personal data, must be stored securely - if it’s allowed to be stored at all. The other big deal is that the PCI-DSS is just a set of recommendations. You’re in trouble if your data is breached, but you’re not strictly required to secure that data. The GDPR, on the other hand, is law. You MUST store data within the bounds of the GDPR, or face harsh penalties. The GDPR has serious ramifications for all businesses - but wait, there’s more!
Power to the people
The GDPR aims to put personal data control firmly in the hands of customers. Businesses are only permitted to store data that the customer has given express consent to be stored, and only for as long as it’s required for processing. Customers are within their right to request a copy of whatever data is held on them by a business, and how it is used, as well as to have that data erased once the business has completed any previously agreed data processing. If your company holds personal data on someone, you should be prepared for the possibility of that data being requested or removed.
We can’t talk about data protection without talking about the consequences of a data breach. So far, the largest fine issued for a breach in the UK was around £400,000. That figure is dwarfed by the new penalties introduced by the GDPR. In the event of a breach, an organisation could face fines of either 4% of their worldwide annual turnover, or 20 million euros - whichever is greater. Compare 20 million to 400,000 and it’s not hard to see how serious the GDPR is. In addition, businesses that suffer a breach will be required to report this breach to the relevant supervisory authority within three days, or face further sanctions.
This may sound like a lot to take in, but there are a couple of silver linings. The first is that the GDPR doesn’t come into force until May 2018, so you’ve got plenty of time to comply. The second is us! (Do you see what we did there?) We’ll be offering consultancy on GDPR compliance moving forward. There is no “off-the-shelf” fix for the upcoming legislation - you’re more than welcome to call us up and ask us to “make you GDPR compliant”, but it won’t be that easy. Rather, we’ll work with your business to build a compliant data storage and processing strategy. We’ve been working with IT and network infrastructures for over a decade, so we’re well positioned to help you ensure your systems are secure and compliant.
We’ll have more to share with you in the coming weeks as further information concerning the nitty-gritty of GDPR is published. If you hadn’t already guessed, GDPR is going to be a game-changer for businesses across the world, and we want to make sure you’re well prepared. In spite of the doom and gloom we’ve touted in this article, there’s no need to panic! A careful strategy, prepared well in advance of May 2018, will keep you in the clear. Further questions? Looking to start your compliance journey? Just want to chat? Don’t hesitate to get in touch.