The GDPR is a new set of rules due to come into force on 25 May 2018, designed to replace the outdated Data Protection Act 1998.
With only four months to go until the new rules become legislation, business owners and employers everywhere in the UK are rushing to improve their cybersecurity and familiarise themselves with the intricate requirements before they are caught out.
How Will GDPR Affect Your Business?
Under the new rules, a business must have an individual's consent to store their data and must remove that data immediately when the consumer requests it, along with meeting a number of other requirements.
Another example of a new requirement would be the heightened right for consumers (and the ICO) to be notified if there has been a breach or cyber attack which affects their data.
They must be notified within 72 hours.
Many business owners may be under the impression that failing to report to the ICO immediately will leave them with a devastating fine worth millions of pounds.
Fortunately, the ICO has clarified that they will be proportionate when issuing fines and simply expect businesses to act honestly, responsibly and quickly – but this is not to say that companies will be let off lightly for failing to take customer data security seriously.
What Do Consumers Think About Online Security?
Whilst the eye-watering fines issued for non-compliance would be devastating for a business, so would be the unfixable damage to your company’s reputation in the eyes of your clients.
Deloitte has found that consumers would be 80% more likely to do business online with a company that clearly takes data security very seriously.
However, out of the consumers who were surveyed, 51% said they would be forgiving if a company suffered a breach concerning their details – just as long as the issue is dealt with quickly and professionally.
An infographic on Consumer Privacy put together by TrustArc has shown that cybersecurity is a huge concern of clients, as a staggering 92% of online consumers cite privacy and security as a concern.
TrustArc also found that 68% of respondents believe online security should be a human right.
Is Your Business Compliant?
Despite the introduction being less than five months away, a very small percentage of the UK’s SME sector is completely GDPR compliant.
Worryingly, cybersecurity experts Symantec surveyed over 900 businesses across the UK, France, and Germany for a report and found that a colossal 90% of companies are concerned about their ability to comply with the GDPR.
35% of respondents also said that they do not believe their organisation takes an ethical approach to securing and protecting data, and only 20% feel it is possible to become entirely GDPR compliant.
These statistics are shocking once you take into account the very slim time frame we have before the GDPR comes into effect.
How Can You Prepare for the Changes?
We recommend following our 5 key steps to compliance:
- Educate yourself on employee rights
- Create a data breach response plan
- Be aware of the Subject Access Request changes
- Make required changes to the recruitment process
- Use data for its intended purpose only.
What Are the Consequences of Non-Compliance?
The penalties for violations of security and record-keeping requirements, or for failure to notify consumers of a breach, will be around £9 million, but this will be doubled in the event that someone's personal data and freedom rights have been breached.
Want to learn more? Book on to our FREE Seminar