GDPR countdown, it's now less than 6 months to go...
GDPR – It’s now less than 6 months before the General Data Protection Regulation goes live, are you ready for it?
In the third of our series of blogs relating to the impact of GDPR on businesses we take a closer look at cyber security.
We are all aware that the General Data Protection Regulation (GDPR) will come into force across the EU on May 25th 2018.
We also know that the implications of non-compliance with the new regulations appear to be dire at best and catastrophic at worst, with figures such as 4% of turnover or 20 million Euro being quoted as the likely level of penalties…more than enough to capture the attention of every business owner, finance director and head of IT.
So, we know when it is arriving and we know that ignoring it is not an option, but what do you need to do in order to be ready?
The timescales for adoption of the new regulations are worryingly tight; we are now less than a year away from the change and organisations of all sizes should be making plans right now. To help with this planning, we will be taking a look over the next few weeks at the effect that GDPR will have on businesses in the UK. Will Brexit make a difference? Will sales and marketing operations be affected? How much will compliance cost and what are the differences between the current rules and the new regulations?
As recent high-profile events have shown, robust cyber security is essential for any organisation and GDPR will demand an even greater examination of a company’s ability to withstand attack or mistakes when it comes to storing and handling data.
Surrey-based IT consultancy nTrust Systems has seen a dramatic increase in the awareness of cyber security issues but also an alarming reluctance among some companies to take even the simplest precautions against the threat.
nTrust Managing Director Russ McKenzie is a sought-after speaker and regular panel contributor on the subject of cyber security and he offers the following advice.
"GDPR has focused a lot of thought on the subject of cyber security and rightly so; it is a huge issue and some of the statistics are frightening: over 50% of cyber-attacks target SMEs but only 14% of SMEs believe that they could successfully manage an attack. However, the most common cause of a security breach is not malicious intent but human error or system failure."
In 2014 the UK Government launched an initiative called Cyber Essentials, backed by the CBI, FSB and a number of leading insurance organisations. The Information Commissioner has stated that he “supports the Cyber Essentials Scheme and encourages all businesses to be assessed against it” and here at nTrust we highly recommend certification.
The process of certification looks at 5 key components: secure configuration, access controls, firewalls and gateways, patch management and malware protection.
Successful completion of Cyber Essentials certification can:
• Help address compliance requirements for GDPR
• Demonstrate a company commitment to data protection
• Reduce insurance costs
• Increase the likelihood of securing public sector contracts
• Protect against around 80% of cyber-attacks (according to HM Govt statistics)
Russ concludes by suggesting that you ask your IT manager or consultant one simple question… ‘What are we doing about GDPR?’ Their response should tell you how well protected you are against all manner of cyber security issues, not just data protection.
Further evidence of the lack of preparedness of many companies comes from Dr Adam Marshall, Director General of the British Chambers of Commerce, who in a recent statement said:
“Firms need to be proactive about protecting themselves from cyber-attacks. Accreditations can help businesses assess their own IT infrastructure, defend against cyber-security breaches and mitigate the damage caused by an attack. It can also increase confidence among the businesses and clients who they engage with online.
Businesses should also be mindful of the extension to data protection regulation coming into force next year, which will increase their responsibilities and requirements to protect personal data. Firms that don’t adopt the appropriate protections leave themselves open to tough penalties.”
Realising the implications of non-compliance with GDPR regulations, and being aware that the new rules impact every business that uses personal data in their day-to-day operation, is one thing, but what can you do right now to get started?
Thankfully, there is plenty of help out there and a great place to start is with the Information Commissioner’s Office. Their ‘12 steps to take now’ guide is packed with advice and is available as a PDF.
The checklist highlights steps that could, and should, be implemented immediately. Helpfully, the ICO also points out that, while companies complying properly with current regulations will be able to use their existing approach, every business should guard against complacency. Some of the regulations are new and others feature significant enhancements to the existing rules.
On the face of it, many people might see the GDPR rules as overwhelming and indeed there is plenty of work to be done by businesses large and small. Our advice is to use the available information and check which of the new regulations impact your business the most, then start with these elements.
GDPR is happening so rather than consider this as an additional burden why not use the changes as a catalyst for making positive adjustments to your own business? In an upcoming blog we will look specifically at GDPR in relation to marketing, the impact that the new regulations will have upon sales processes and how to make the most of the new law.
Internet security is fundamental to the new system; if your business is not already protected to an appropriate level then this is the perfect opportunity to get started. Cyber Essentials certification is straightforward and inexpensive, and more information can be found on the HM Government website.
Here at Kompass, data is our business and the likelihood is that, if you have read this far, it’s key to your business too. As professionals it is up to us to lead the way towards successful adoption of GDPR and whether you are a data manager, IT Director, company owner or Managing Director it is vital that we all take responsibility for the continued wellbeing of our businesses. If you need help with any of your data please speak with one of our data specialists or request a call back. We're always happy to help - contact Kompass.
Managing Director C & H Marketing
Disclaimer: Please note that this blog only contains general information and insights about legal matters. The information is not advice, and should not be treated as such. Kompass.com