It is just under a year until the new GDPR (the General Data Protection Regulation of the EU) comes into force, yet many organisations are woefully unprepared and time is running out to become compliant. The typical time for most businesses to reach compliance is around 10-12 months.
GDPR has been years in the planning and is a comprehensive response to the fact that the value of data - both to businesses and to criminals - has never been greater. In 2016, the Business Continuity Institute described cyber crime as the biggest threat to business. The UK Government's National Security Strategy categorises cyber attacks as a Tier One threat to Britain's national security alongside terrorism.
The impact of cyber crime on UK businesses is growing astronomically. Recent research indicates that almost 3 million British companies were affected by some form of cyber crime during 2016, at a total cost of £29.1 billion.
When GDPR comes into force on 25th May 2018, it will replace the outdated Data Protection Act. GDPR positions the protection of user information at the heart of every organisation and places the responsibility for doing so very firmly with the Board.
Many organisations may question whether GDPR is relevant to them. If any business you own or work for holds any personally identifiable information at all about EU citizens - such as email addresses, landline or mobile numbers - then the answer is yes. Regardless of Brexit, the UK government has confirmed that it will adhere to the EU GDPR, so it is important that businesses understand the new legal framework and are ready to adhere to it from day one.
What are the costs of failing to comply with GDPR? The fine for a data breach has been set at 4% of global turnover or 20 million euros, whichever is greater - and this is per incident. There is a fine of 2% of turnover simply for not having records in order. Make no mistake, GDPR will be ruthlessly enforced by the ICO in the UK, and failing to adhere to the regulations will have brand, business and career-ending implications. The ICO has recently recruited an additional 200 staff to help enforce the regulation. There are also serious implications for shareholder value in the event of a cyber incident.
At JDC Consultants Ltd (JDCC) we work closely with The Security Circle, a leading UK based cyber security and GDPR consultancy with a team of highly experienced GDPR consultants and practitioners. Such is the complexity of the new regulations that it is important work starts now to ensure that businesses are up to speed with their GDPR requirements and have all the processes needed in place for May next year. With a predicted shortage of GDPR practitioners, data experts are already suggesting that organisations are running out of time to be GDPR ready.
GDPR compliance presents a range of difficulties for organisations of all sizes, primarily to do with understanding what responsibilities it brings to the business and what GDPR will mean in terms of processes, timescales and the costs of becoming compliant.
To help with this, The Security Circle offers a full range of GDPR consultancy services including a GDPR Scoping and Assessment service where the team will meet with the organisation, undertake an assessment with gap analysis and issue a report using GDPR methodology. The report provides a critical roadmap and framework for organisations to understand what is required to become GDPR compliant.
If you'd like to find out more about The Security Circle's GDPR services, in the first instance please get in touch using the JDCC contact details.