What does General Data Protection Regulation mean for your business?

Temple Brown
Sep 21, 2017


General Data Protection Regulation (GDPR) will come into play in May 2018, and your business needs to be prepared for it.

If you’re a business owner and you haven’t heard of GDPR yet, or you have but are yet to prepare for it, now is the time to learn what it is and why you will need to abide by it. The regulation is administered by the EU, but the UK government has said the law will be instated regardless of what route the country takes to leaving the European Union. The law will still be obligatory when we leave the EU because it is an effective security measure. It sets the bar for data security, and after recent hackings in various sectors it is well and truly necessary. Another reason for its obligation is that UK records and companies may hold data relating to existing EU citizens, which will need to remain protected.

Understanding the implications and deadlines

The objectives of GDPR are purely to enforce stronger data security and privacy rules among organisations in all sectors when it comes to protecting personal data and information. The law comes into effect in May 2018, and even though this is a number of months away, making any large organisation GDPR-compliant is going to be a long process. The law requires you to enhance and audit current cyber security measures at your company, as well as document existing information. Measures will have to be taken to ensure security alarm systems are up to date, as the law states any data breaches will need to be reported within 72 hours. This section of the law will mean hiring a data protection officer who is responsible for this.

The task can seem equally daunting to smaller businesses, but for those who do not have a professional to perform this kind of task, it’s a smart move to bring in a third-party professional to get it done for you. This can include security firms, a current trusted partner or a consultancy.

Why is this so important?

A €20M fine. That is why. If you fail to comply with the terms, your organisation could be fined anything up to the €20M mark, or 4% of global annual turnover, whichever is greater. This applies regardless of what or who was responsible for the cyber attack.

The staggering benefits of bringing this law into force also highlight its importance. Adrian Davis, managing director EMEA at security certification organisation (ISC)², argues that:

“You can use GDPR to adopt best practice around the handling, control and security of your organisation’s information; update and enhance your business processes; improve the quality and integrity of data you hold; and to rethink why and how you capture and use personal data of your customers, staff and leads.”

Building this law into your business strategy is paramount, and not doing so truly is not worth the hassle. Use your time effectively, and avoid that €20M fine.


Temple Brown are closing the gap between #business and #education. We believe in creating opportunity through our global #professional network.