May 2018 will see the new (GDPR) come into force, which will dramatically change how businesses handle and protect sensitive data.
Currently, if you process personal data within the European Union, you have to adhere to the 1995 EU Data Protection Directive. But this is no longer fit for purpose. GDPR brings it up to date, reflecting modern business operation while better protecting consumers.
GDPR covers a range of issues, but one of the most important is the consequences of a data breach. Currently, not all businesses are legally obliged to report a breach. But under GDPR, any breach that compromises the rights and freedoms of an individual needs to be reported to the individual affected and the relevant authority within 72 hours.
If you do suffer from a breach, you may be subjected to a penalty which will increase from a maximum of £500,000, to 4% of your organisation’s annual turnover or €20 million (£16 million) – whichever is more. When you think about the figures, the potential of these astronomical fines must force a change in mind-set around data security, and encourage more investment and focus in how you protect sensitive data.
First and foremost, your organisation needs to make sure that it is documenting what personal data it holds, where it has come from and who you are sharing it with. Improving visibility and control of the data your organisation holds is paramount to ensuring you can develop an effective security strategy.
Understanding your organisation’s data environment is the next step in preparing for GDPR, allowing you to identify any weaknesses that may be present within your current infrastructure. Once you understand this environment, you can then begin to prioritise defensive measures to help protect the data you store and use. Security solutions and control tools such as firewalls or detection technology are just some ways you can begin to protect this sensitive information.
But ultimately, human beings are the weakest link the security chain. Because of this, education across all levels of your organisation is vital. It is crucial that every employee within your organisation understands the consequences of a security breach, and also knows how they should be handling and processing data once GDPR is enforced.
In the eventuality of a breach, you also need to be able to respond quickly. This can be achieved by ensuring your organisation has the correct processes and practises in place to detect, investigate and report any incidents.
GDPR is going to completely change the data protection game. Don’t be ignorant – be aware, be GDPR-ready.