So what are the consequences of not complying to the EU General Data Protection Regulations ?
I recently wrote a blog ‘What is GDPR and why do you need it?’ to highlight the real meaning behind why data protection is changing.
What Are The Consequences Of Not Complying To The GDPR?
The UK Government and Information Commissioners Office (ICO) have declared that no new legislation will be introduced to cover the growing threat of cybercrime as this is a business owner responsibility to address.
What they will enforce though is legislation about the use of data… If data is protected then at least any cyber-attacks will mean that personal data is (or should be) protected and safe.
What Are The GDPR Fines Or Punishment?
So the focus is on the GDPR and the penalties for non-compliance are eye watering
- Infringement of Articles 5, 6, 7 and 9 carries a penalty fine of up to €20M or up to 4% of total global revenue of the preceding year, whichever is greater.
- Infringement of Articles 8,11, 25-39, 42 and 43 carries a penalty fine of up to €10M or up to 2% of total global revenue of the preceding year, whichever is greater
In summary, we know that the GDPR is coming, that it will become law in May 2018, that it is important, that it should not be ignored and that there will be some pain if we fall short.
You need to comply to the GDPR so the question is…
What Should We Be Doing Now About GDPR Compliance?
The ICO have issued a 12-step guide about all the areas for preparing for GDPR which is very helpful plus lots of other essential content about the definitions of data and what is needed going forward.
One of the big priorities for a business owner is making sure you and your staff are clear that new legislation is coming and why. Then to start to become more thoughtful and diligent around the use of data.
You then need to considering how your business meets up the new requirements by considering 4 key areas:
- Data Identify
- Data Protect
- Monitoring of Data usage
- Notify of Data breaches
The journey to the GDPR compliance will continue to evolve as more details and facts are issued by the ICO. Many businesses will look to source and answer for themselves.
What Support Is There To Become GDPR Compliant?
There are 3 main types of support to help you become GDPR compliant:
- A risk review of data protection and to consider GDPR readiness which should specifically look at the questions and areas above and how you collect, use store and delete data.
- The new IAMSE standard and accreditation will give you a GDPR ready badge. This would give outward declaration to your customers and suppliers about how your business protects data.
- The top standard is ISO 27001 which provides significant evidence that you are GDPR ready and manage your IT and systems to internationally recognised standards.
If you’re interested in finding out more about any of the above services and accreditations then please contact us.
Time To Choose the GDPR?
In summary the GDPR is now looming on the horizon. How you go about tackling GDPR is a matter of choice, but it’s definitely time to act.
Non–compliance will have consequences with big penalties.
The indirect consequence of damaged reputation and the potential loss of customers who may feel their personal and sensitive information could be compromised.
Don’t be the one panicking in 2018, get in touch.