There are two ways of looking at the imminent EU General Data Protection Regulation (GDPR).
When it goes live in May, you can sit back and relax, believing that many of your cyber security obligations are covered in your preparation for the new legislation. Or, you can see it as a signal that you have a continuous and ever-heavier burden of responsibility.
GDPR spotlight on your data security systems
The GDPR – which covers all organisations holding personal information on EU citizens – mandates that companies tighten up on how they gather, store, use and dispose of data. It brings wide-ranging new rules that affect everything from how you ask customers for their contact details to scrupulous data housekeeping.
Section 83 of the GDPR states: “In assessing data security risk, consideration should be given to the risks that are presented by personal data processing, such as accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed which may in particular lead to physical, material or non-material damage.”
This is clearly not something you can do once then forget about. It involves continued vigilance and control.
What you could face
Any Cheshire or Manchester organisation that doesn’t keep pace – or, worse still, assumes exemption – could be fined up to 20 million euros under the GDPR.
This will go alongside a potentially catastrophic loss of reputation. Losing data is bad enough, but experiencing a breach after ignoring the new rules can irreparably damage customer faith.
Remote monitoring and maintenance contracts need to be with companies you are 100% sure adhere continuously to the GDPR. This arrangement can be hugely reassuring for smaller enterprises. One of the mandates of the new legislation is that all personal information has to be encrypted, with access limited to staff on a “need to know” basis. Using cloud support for your IT systems provides security as standard.
The aim of the GDPR
The ultimate aim of the GDPR is to provide the public with far higher levels of security and privacy protection. This should help reverse the serious erosion of consumer trust.
Data breach headlines are far too common. In 2016, the total number of data records compromised was almost 54.5 million. That’s bad enough, but it is worse still when you consider that it was a massive 475% increase on the year before.
Continuous cyber security journey
Clearly, cyber criminals are becoming ever more adept at finding ways to work around deterrents.
This makes IT security and cyber security training mandatory for many companies, and this needs to be a continuous process. The good news is that it can help you to prove compliance with the GDPR.
If your organisation still has a long way to go in being GDPR compliant, then don’t panic. The team at CARA Technology are waiting for your call and can provide prompt and effective IT support throughout Manchester and Cheshire.