30 April 2018
May 25 is an important date on the business calendar as it’s when the General Data Protection Regulation (GDPR) takes effect. This new regulation, which covers the collection, storage and use of personal information, is being introduced by the EU to provide a unified framework of personal data protection in an age when smartphones and social media have made it easier than ever to share information.
GDPR replaces the 1998 Data Protection Act, and UK businesses have to adhere to it despite Brexit. The new rules are expected to have far-reaching consequences for businesses, both large and small…
Key points of GDPR
What if businesses aren’t compliant?
Failure to comply with the new rules could have serious consequences for organisations. Individuals could claim compensation if they’ve suffered damage due to an infringement of GDPR, which could mean significant costs for firms. Organisations could also be fined up to 4% of turnover or 20 million euros if regulators think they haven't protected customers' personal data adequately [i].
As well as the potential financial harm, failure to comply with GDPR also runs the risk of damaging a business’s reputation, not to mention its relationships with suppliers and partners.
How businesses can prepare for GDPR
Businesses that haven’t done so already need to act quickly to make sure they’re not caught out by the rule changes. Many of GDPR’s principles are broadly the same as those in the current Data Protection Act, so existing compliance with the Act is a good starting point to build on.
While it may mean very little change for organisations that simply collect and store information such as customer lists and contact details, the regulations now cover a broader selection of data, including cookies and biometric data.
Firms can review security measures and policies to reduce cyber risks. This means keeping on top of software updates, and making sure employees are trained in online safety, including using secure passwords. File encryption can reduce the likelihood of a big fine in the event of a cyber attack.
The ICO has put together a plan of key actions [ii] to help enterprises comply with the new rules. These include:
GDPR and cyber security
With a lot of uncertainty surrounding GDPR and what exactly it will mean for businesses going forward, it would be wise for firms to take a fresh look at their cyber security. After all, companies can face fines for cyber breaches if they have not stored and protected customer data correctly, as well as reputational damage and potential loss of business.
Making sure that cyber security is a senior management priority within an organisation will become even more important for businesses in the coming months and years. That means ensuring there is a plan in place not only to prevent breaches, but also to react to, and communicate effectively about, any that do occur.
Are you covered?
At a time of significant regulatory change, it’s also a good idea for businesses to review insurance policies to check they’re covered against any disruptions or financial risks.
For bespoke cyber insurance, check out our Cyber Cover product. This can be an important addition to a business’s overall risk management strategy.
Take a closer look at our Cyber Guide for details of some of the most common threats and ten steps to help keep your company safe.
Follow NIG on LinkedIn