It has recently been estimated that over a quarter of EU businesses have not even started putting in place the necessary provisions before the EU’s General Data Protection Regulation (GDPR) comes into force on the 25th of May 2018. If you are one of these guilty parties, or even worse, you have absolutely no idea what a “General Data Protection Regulation” is, then make sure you keep reading.
What is the GDPR?
Without getting into all of the complicated legal jargon, in a nutshell the GDPR is a set of new regulations that will become law as of the 25th of May 2018. They have been put in place to provide citizens in the EU with more control over how companies and businesses collect, keep, and use their personal data.
One of the main reasons why the GDPR has been created is to make businesses take responsibility for breaches and loss of data. In a world that is becoming increasingly digitalised, it is important that businesses ensure that their clients' personal data is stored safely and securely away from those who are not authorised to access it.
The new rules combine new security measures, new rules around consent, accountability, and breach notification, as well as the requirement for companies to nominate a Data Protection Officer.
What does it mean for me and my business?
If your business is based in the EU and processes the data of EU citizens then this new law applies to you. There is no shirking or avoiding your responsibilities: if you are collecting any personal data on your clients, contacts, or associates, then you need to know the ins and outs of GDPR to make sure that you are on the right side of the law.
For many businesses, this will mean a complete overhaul of the existing data protection policy, as well as changes to the way that data is collected and stored, and to which members of the company have access to it and are responsible for it. Even the most security-conscious company will have to make significant changes to its processes, as well as ensuring that all staff members are up to speed and compliant as they carry out their day-to-day duties.
A recent study has shown that just 7% of EU businesses are aware of what the GDPR means for their business. If you are blushing and sinking into your chair in the acknowledgement that this statistic includes you, then now is the time to take your head out of the sand.
What happens if I do not prepare?
This is not an opt-in policy, nor is it something that you can choose to phase in bit by bit over the next 12 months. By next May, your company needs to be 100% compliant with every applicable aspect of the GDPR, and if you are not, you can expect some rather tough penalties.
Companies that breach the new requirements can expect hefty fines of up to €20 million, or 4% of annual global turnover, whichever is greater. Fines of this scale could easily lead most businesses to bankruptcy, and in many cases, closure.
Data breaches and security slip-ups are unavoidably common, and threats increase in scale and severity on a daily basis. To quote Verizon’s 2016 Data Breach Investigations Report: “no locale, industry, or organisation is bulletproof when it comes to the compromise of data”. With this in mind, it is imperative that all businesses, no matter how big or how small, are aware of their new obligations so that they can prepare accordingly.
Pleading ignorance in the wake of a breach or security issue will not cut it with the GDPR, so it is better to be safe than sorry, and prepare well in advance.
How do I make sure I am ready?
Well, this is the difficult bit. Unless you are a lawyer specialising in data protection, it might be a bit difficult to navigate the jargon and complex language used to write the legislation. That is where Holistic Institute of Technologies comes in.
We understand how security, technology, and data protection work and we are on hand to help you and your company come into line with the new regulations. Whether you need a comprehensive course or personalised consultations, we are able to assist businesses of all types and sizes.
Remember that these things take time to understand and implement, and before you know it, May will be upon us. Don’t waste any more time and get in touch with us today to find out how to protect yourself, your clients, your business, and how to make your company GDPR ready.