What is GDPR and does it concern you?

07 Dec 2017
The GDPR is the EU General Data Protection Regulation, which will replace the Data Protection Act 1998 in the UK and the equivalent national legislation in the other EU Member States. Organisations will have to fully comply with the GDPR by 25 May 2018.

There have been many high-profile instances of major breaches of data protection recently, such as:

  • Uber revealed that 2.7 million British riders and drivers were affected by a 2016 data breach that it covered up for more than a year.
  • Equifax admitted that the personal information of more than 145 million people in the US and the UK may have been exposed in a major data breach.
  • Image-sharing website Imgur confirmed that the email addresses and passwords of 1.7 million users were compromised in 2014.
  • The Cash Converters data breach exposed customer accounts held on the company’s old UK website.
  • Hilton Hotels were fined $700,000 (£525,000) after being accused of mishandling two separate credit card data breaches.
  • The personal data of “millions” of Malaysian citizens was put up for sale on the internet after being stolen from a variety of business databases.

GDPR brings a very stringent compliance regime, with severe and rigorously imposed financial penalties for non-compliance of up to 4% of annual worldwide turnover or €20,000,000, whichever is greater. Furthermore, the reputational damage from a breach could be far worse than the financial penalties. Almost two thirds of data breaches (source: ICO) are the result of human error. It’s important to remember that data and cyber protection starts and finishes with people. And it’s you and your organisation, as the data controller, that will be held accountable if there is a breach; outsourcing to an IT team or a contracted IT provider does not transfer that accountability (processors have their own obligations under GDPR, but the controller remains responsible for the personal data it holds).

On our travels whilst speaking with organisations about Cyber Primed and GDPR, some questions have been raised about Brexit and the chance of the GDPR no longer applying once Britain leaves the EU. However, the statement made to Parliament in June made it clear that UK businesses will need to comply with GDPR through the new Data Protection Act; further details were reported in this article in The Times from July.

So what are you doing about data protection and GDPR in your organisation?

The 4 main questions that you should be asking yourself to determine the impact of GDPR on your organisation are:

  1. What personal data do you hold?
  2. Where is it located?
  3. How are you using that data?
  4. Do you have a lawful basis for using that personal data in that way (for example explicit consent, since GDPR does not accept implied permission as consent)?

If you are unsure about the answers to any of these questions, you may want to seek help in preparing for GDPR.

Useful Links:

The ICO website contains a wealth of information for organisations, including useful tools and guidance on how to comply, advice on protecting personal information, and how and where to access official information.

The European GDPR Portal is a resource to educate the public about the main elements of the General Data Protection Regulation.

Team up with INSPIRING…

Contact Inspiring on 0800 612 3098, email us or get in touch using the form on the left to chat to one of our team. We will be happy to answer your questions and can arrange a call or meeting with a GDPR consultant.

You may also be interested in attending the GDPR Simplified event which is being hosted by Cyber Primed on 23rd January in central London. For more details and to book online, click on the link below:

GDPR Simplified – 23rd January 2018