It’s just a year to go until the General Data Protection Regulations come into effect. Most likely there will be one of three reactions from those of you reading this piece of news:
Relaxed. For those who know all about it and how it will impact your business, bravo! Hopefully you have done more than read up on the subject and have worked through the implications for your business, amending business strategy, processes and documentation (including your cyber security strategy). In which case you might even allow yourself to feel a little smug.
Complacent. Alternatively, for those who practice just in time management, perhaps because you currently have neither the time, resources nor inclination to be bothered with the GDPR and are also working on the premise that you’ll worry about it when it materially impacts the business, a note of caution. By the time you feel that material impact it could already be too late and GDPR could be biting you in the arse. A potentially expensive mistake.
Ignorant. If GDPR means nothing to you. Don’t worry, you’re probably in good company. But may we counsel against jumping into Category 2. At the same time, be cautious about what you read. There are some out there trying to make it a bigger deal than it might actually be for your business. In the words of the Information Commissioner’s Office
“You are expected to put into place comprehensive but proportionate governance measures.” So, what might be expected of a FTSE 100 company might not be either appropriate or expected of yours? Therefore, either research extensively or get some sensible advice.
In the meantime, whilst you choose the category into which you feel you might best fit, some food for thought:
The GDPR come into effect from May 2018 and BREXIT won’t change that.
But leaving your planning for dealing with GDPR until April 2018 will be too late. Some are advising that Q3 2017 might be cutting it a bit fine. The onus on you to obtain consent for the data you store and use is different from the Data Protection Act. Do you know what you need to do?
If you have a breach, (the theft or loss of data,) you must notify certain parties within 72 hours. Do you know who those parties are?
The financial penalties for non-compliance are considerable. The penalties imposed last year under the DPA amounted to c.£900,000. The equivalent fines under GDPR would amount to c.£69 million!
By being proactive, you can reduce the risk of breaching the GDPR or mitigating any fine in the event of a breach. Do you know what you need to do? If not seek professional advice.
1 votes, average: 4.00
Loading...