Data breaches seem to be one of the hot topics and a growing concern for many organisations. Many companies seem to lack the appropriate security measures and fail to meet the regulations set out by the government about protecting sensitive or personal data. It is evident that some organisations are unsure about what they are facing with the GDPR.
Whilst hackers aren’t necessarily targeting specific companies, sensitive data as a whole is seen as high value. The Information Commissioner’s Office (ICO) states that most businesses fail to understand how valuable this information is to criminals.
In the past, depending on the extent of the breach, organisations would face a maximum fine of up to £500,00; however, with the GDPR commencing on the 25th May 2018, organisations are now likely to be fined up to €20m or 4% of global turnover (whichever is higher).
Many will question whether the GDPR will affect their organisation after the impending ‘Brexit’. As the title of this article suggests, organisations will be facing some uncertainty ahead… and they should be questioning these uncertainties.
Businesses are not routinely compliant with the GDPR
The law applies to any company that handles the personal data of EU citizens, regardless of whether it is based inside or outside the EU. The ICO released a GDPR overview earlier this year so that organisations can start to understand some of the upcoming changes.
If you are currently compliant with the DPA, this does not mean you are automatically compliant with the GDPR. The new regulation is far more complex in terms of how data should be processed and stored, and it also requires a justified reason for holding the data. The ICO will be releasing clearer guidelines on compliance procedures.
With the stringency of global data regulations increasing, organisations need to understand that if procedures are not revisited in less than two years, the business could be put at risk. Re-examining practices now is more important than ever, and there are some simple questions recommended by the ICO and MFG to ask yourself while the GDPR guidelines are not yet released:
1) Do any of your staff work from home or require access to data offsite?
2) What if devices such as laptops, mobiles and flash drives are lost, stolen or compromised?
3) How securely is data held onsite and offsite, i.e. by staff working from home or from a local library or coffee shop?
4) Do the benefits of mobile working outweigh the security risks it introduces?
5) Did you know that over 700m data records are lost, stolen or compromised each year?
6) Can your business afford the resulting discontinuity?
How do I become GDPR compliant?
The ICO strongly recommends encryption as a starting point for protecting data, as it has suggested in many of its published articles.
MFG can help by providing your organisation with a fully managed encryption service to help protect the foundations of your business.
Encryption can solve many of the issues organisations currently face, as well as helping them prepare for the GDPR changes. Encryption can help reduce complexity by ensuring data is simply and easily protected, and remains protected even if it falls into the wrong hands.