GDPR: Raising awareness of the new information security standard
If you haven’t heard of the European Union’s General Data Protection Regulation (GDPR), then you are not alone. Recent survey data shows that more than 60% of the working age adult UK population have not heard of the legislation.
Despite Brexit and the invocation of Article 50 to trigger negotiations on the terms of Britain’s departure from the EU, this forthcoming regulation is being written into UK law.
Key data points in the survey showed:
- Almost 63% had never heard of the GDPR
- Less than 10% of respondents claimed a detailed knowledge of the GDPR
- Around 14% said they had heard of the GDPR but didn’t know what it is
- A little over 13% said they had some understanding of the GDPR
- 4% had not been told anything about the GDPR by their employers
- 6% said the GDPR had been mentioned, but that they were unsure of the details
- 21% said they had been offered “plenty” of information about the GDPR
GDPR: bigger fines, training and good governance
One of the most significant facts about GDPR is that it allows for fines that go way beyond any previously handed out by the UK ICO (Information Commissioner’s Office) for breaches of the DPA (Data Protection Act). This is certainly something that is set to focus the minds of those in the boardrooms of companies of all sizes who are charged with responsibility for good governance.
For example, the TalkTalk breach, where the hackers exploited a vulnerability that was well known and which would have been secured by competent security best practice, attracted a fine of £400,000 in October 2016. Under the lower GDPR financial penalty tariff (2% of annual global turnover or €10m, whichever is higher), TalkTalk would have been hit with a penalty more than 9 times greater – £3.68m.
The technical implementation of GDPR is of course something for each business to deliver through its internal IT teams and the external service providers of its choice. However, it doesn’t stop there. There is a significant need to ensure network users observe company security policies and employ best practice to minimise the potential for breaches.
Employers will need to document and demonstrate that employees have been trained so that safe GDPR behaviours become embedded. The degree of training provided is set to be a key consideration in determining the scale of any financial penalty that results from a security breach.
Closing the gap to GDPR compliance with Paralogic
GDPR is set to enter into force on 25th May 2018, about 14 months from now. However, there are no quick fixes to compliance. The best approach is a thorough assessment of where a business currently stands on its IT security arrangements, followed by a process to work out how it is going to get to where it needs to be to meet the GDPR standard.
Paralogic helps customers by providing a thorough assessment of where your business currently is with its IT security. From here we work with your team to develop a clear plan of how to get you to where you need to be to achieve compliance with the GDPR standard.
To find out more about how we can help your firm close the gap to GDPR compliance, simply get in touch today.