The GDPR, or General Data Protection Regulation, is a new EU regulation which will make the current data protection rules much stronger. The GDPR comes into force in May 2018 and, if breached, could result in a fine of up to 4% of global turnover.
The regulation will still affect UK organisations after we leave the EU. The UK government and the Information Commissioner's Office (ICO) have indicated that, even if they don't continue with GDPR, they will be looking for something equally robust. Similarly, if you are processing the information of EU nationals or trading across the EU, then you will need to abide by its requirements. For example, if you run a hotel, the chances are that some of your guests will be EU nationals, so you will still need to meet GDPR guidelines.
Traditionally, small and medium-sized enterprise (SME) owners believe they are "too small" to be a target for cybercrime. However, SMEs are an attacker's goldmine, as they are more likely to pay ransoms and often lack adequate cyber security measures. An SME could also be used as a gateway to a larger organisation if it is a supplier to one.
What should you do?
You may have heard of the 'Cyber Essentials' scheme, which launched in June 2014. If you haven't, it's a government- and industry-backed scheme to help all organisations protect themselves against common cyber-attacks.
GDPR will require more than Cyber Essentials certification alone, but Cyber Essentials is a great first step. By becoming Cyber Essentials certified, you can demonstrate that you're taking action to protect personal information. As a result, it can mitigate ICO fines if you were to suffer a data breach. Cyber Essentials certification is evidence that you have taken steps towards protecting your business and your data from internet-based cyber-attacks.
Also, look for the Cyber Essentials badge when dealing with other companies as suppliers. As an IT service provider, we've been through the Cyber Essentials certification so that our clients know that any information we hold on them and their IT systems is held securely. Not everyone in the industry takes the same precautions, and although they might say they're protected, it's worth looking for independent verification.