THE LAST WORD

Rob Ferrey, Director, Perpetuum Training Limited, explains everything you need to know about General Data Protection Regulations (GDPR) and how they will affect your business

NEW EU data regulation laws have been finalised and will be implemented in May 2018. The change highlights the Government’s initiative to strengthen data protection policy in order to mitigate the threats of doing business in cyber space. Data breaches hit an all-time high in 2016 with an increase of 40% over 2015!* We are not expecting 2017 to be any different and all indicators point towards even more breaches. So, what is the significance of GDPR and how will they actually affect your business?

1. What is GDPR going to change?

The new law requires that from May 2018, any business that operates in the EU or handles the personal data of people that reside in the EU must implement a strong data protection policy to protect this client data. It is the EU’s way of giving customers more power over their data and less power to the organisations that collect and use such data for monetary gain. Businesses that fail to meet the new standard will face fines of up to 4% of global turnover or €20m (whichever is larger) and businesses that suffer from a data breach without having adequate measures in place will suffer the same.

2. Why have they changed the regulations?

As the IoT (Internet of Things) and technology have become such an integral part of the way we do business in the modern world, cyber space has become even more unsafe to work in and the risk of data breaches has dramatically increased. Just as technology evolves, cyber hackers have more advanced and intelligent tools at their disposal, hacking into private systems with a level of skill that is unprecedented. The current Data Protection Act was enacted in 1998 and is completely inadequate to deal with the problems that businesses now face in 2017.
The new law signifies the Government’s way of countering the ever-increasing cyber threat. It forces companies to take data protection seriously, take responsibility for their security strategies and prioritise protecting the data of their clients. In the age of hacking and cyber attacks, the change could not have been more timely or more needed.

3. Will it affect my business?

Regardless of the Brexit outcome, every business that trades in the EU or has clients based in the EU will have to comply with the law. When the law is implemented, companies will have to tell customers why they want their data and how they are going to use it. It prioritises customer consent by making it mandatory for customers to clearly give permission for their data to be used, and by giving them the option to withdraw this permission at any point. If your business suffers a breach you will have to report it to data protection authorities within 72 hours and contact clients directly. The law comes into effect in May 2018 and the best advice would be to start preparing now so that you’re ready for the change.

If you would like more information on GDPR, contact: firstname.lastname@example.org or call 0151 2080247.

*Reference: Lewis Morgan, IT Governance, 2016.

If you have a topic you’d like to write about, email email@example.com and put ‘The Last Word’ in the subject line.