The General Data Protection Regulation (GDPR) will come into force in May 2018. Any breach or infringement of the GDPR could result in a fine of up to €20 million or 4% of global turnover for the preceding 12 months. Make sure your business is fully aware of the impact the GDPR will have on it.
The law is complex, but three key points are:
• Organisations will need to report any loss of data, be that the loss of a laptop or memory stick or a serious cyber crime.
• Directors will be liable for ignoring or being complacent about data protection, especially personal data, which includes unique IP addresses and email.
• Fines for non-compliance will increase significantly. There will be an upper limit of €20 million or 4% of annual global turnover, whichever is higher.
Businesses will need to show they are fully compliant with the new regulations. Failure to do so will result in hefty penalties.
The new regulations will make it easier for individuals to make private claims regarding their data privacy and the way their information has been handled by organisations.
What do you need to do to comply with GDPR regulations?
MAKE SURE YOUR SYSTEMS
BE SURE THAT YOU ARE ABLE TO ENFORCE THE POLICIES YOU ARE PUTTING IN PLACE
What should businesses be doing to prepare for the new legislation?
1) Review your existing information
Set up an information audit. Identify what personal data you currently hold. Check that your data storage and data handling are fully compliant with the new legislation.
2) Invest in technology
Identify any gaps in your existing technology. Invest in the latest firewalls, intrusion prevention and detection, and antivirus software to avoid a potential data breach.
3) Educate your staff
Every member of staff needs to understand that data security is part of their job, not just the responsibility of the IT team or the DPO (Data Protection Officer).
Ensure your systems are transparent and that your current consent policies are compliant. Understand how you are currently obtaining and recording consent within your organisation.
Storing personal data on children? Make sure you have clearly identified how you store and process consent of children, verify their age and obtain parental consent if required.
5) Cyber insurance
Review your insurance policy. More and more insurance companies are able to protect against business impact in the event of a cyberattack. Make sure your business is covered against a potential
6) Recruit a Data Protection Officer
If you are a public authority, carry out large-scale systematic monitoring of individuals, or process large volumes of data relating to criminal convictions and offences, then you must appoint a DPO under the GDPR legislation.
Whatever your business, it is essential to make sure you have the right skills and sufficient staff to ensure your organisation is fully compliant.