The May 2018 deadline for GDPR is non-negotiable. Fail to have your policies and procedures relating to information security, data security and privacy updated by this time, and you could face serious penalties. Here, we take a look at the risks of non-compliance with this new set of comprehensive data regulations.
General Data Protection Regulation (GDPR) is the most notable change to global privacy laws we have seen in the last few years. By 25th May 2018, your business must have made changes and improvements to how it collects, stores, manages and deletes data.
It does apply, Brexit or not
For the UK, it presents a challenge at a time when the country has its eyes fixed on Brexit. Many businesses assume GDPR won’t affect ‘us’, but there is a sting in the tail of that argument. GDPR applies to EU citizens; therefore, as a British business, if you sell to or buy from EU citizens and businesses, you will be bound by this set of regulations.
Even with an ISO 27001 information security management system in place, GDPR places a new set of obligations on businesses, including:
- data subject consent
- data anonymisation
- breach notification
- transborder data transfer
- the appointment of a data protection officer
For some businesses, this means undertaking major organisational reforms but for others, specifically those with ISO 27001 under their belt, the changes may be smaller but no less important.
The consequences of not complying with GDPR
The UK Government, alongside the Information Commissioner’s Office (ICO), has stated that no new legislation will be put in place to cover the continuing and growing threat of cybercrime. Effectively, they say, protection against cybercrime is the responsibility of the business owner.
They will, however, introduce legislation about the use of data. If data is protected, they reason, then any cyber attack would yield little in the way of results, because the personal data it reaches is protected and safe.
The penalties for non-conformance with GDPR are eye-watering. Infringements of key areas could lead to a fine of €20 million or up to 4% of total global revenue, whichever is greater.
Fines for other breaches and misdemeanours within the regulations are slightly lower at 2% of global revenue or €10 million, whichever is greater.
If nothing else, these figures send a clear message: ignore GDPR at your own cost.
The figures certainly outstrip what businesses currently ‘pay’ in terms of tidying up after a cyber-attack. Each breach costs anything from a few hundred to millions of dollars to clear up. In other words, cyber attacks that affect a business carry a real cost, so by tightening up security and management of data in line with GDPR, the outcome is obvious: it will save you money in the long run.
There is no defence for not complying with GDPR by 25th May 2018. Ignorance is no defence, nor is ‘we were too busy’, ‘we didn’t know how’, etc.
Some businesses will have a lot of work to do to meet the regulation, others less so. At Synergos, we recognise the implications of GDPR for your business, which is why our GDPR Review service is in hot demand.
We take an objective look at your current processes, matching them against the criteria of GDPR. You will have a clear picture of what needs to be done between now and the end of May to ensure you meet GDPR.
Don’t leave it too late.
How can we help you?
If you’re in need of assistance with any aspect of GDPR compliance, here at Synergos we’d be delighted to help. Whether you have questions about the path to compliance or are looking for advice and support to maintain compliance, call 01484 817 444 or email email@example.com and we’ll be happy to talk it over with you.