What law is going to catch you with your pants down? (or why you NOW need to understand GDPR as an EU business)

You may have heard the term GDPR (General Data Protection Regulation), and if not, you certainly will. As we approach May 25th 2018, when this becomes law, the noise around it will grow.

Don’t stop reading now because the acronym seems boring and not relevant to you; it is and it is!

What’s happening is that a new law will come into play across Europe, the UK included too; Brexit or no Brexit, it will apply!

This is not another year 2000 hype where there was no impact or pain. The impact is already happening and the pain is going to get greater!

If you’re not sure what the GDPR is or how it will affect your business, now’s the time to start paying attention. This is all about companies’ legal liability to protect the data they hold on staff, customers and in fact anyone whose personal details are stored, and the impact (fines £) that is going to ensue if you don’t!

So this encompasses cloud, on-premise, IoT and mobile: no matter where you store data, if it meets the criteria of personally identifiable and relevant information then you need to comply. Ignorance will not be an excuse and in fact will put you in a far worse position. It is better to be able to demonstrate your diligence and how you have tried to mitigate any risk as a defence. It is good practice to be able to demonstrate that you have attended training, acted on the process recommended by it and tried to do the right thing; you then have a far better chance of being treated leniently and worked with rather than against should the worst happen.

There is a wealth of information and articles on GDPR available. Unfortunately, most of them quickly defer to complex detailed information and do NOT give clear and plain guidance as to what it means and what needs to be done, hence stats such as “96% of businesses do not fully understand GDPR (Source: Symantec 2016)”.

So let’s make this clear and simple in 3 buckets: why it is, what it is and what you need to do.

Data is important and you have a legal responsibility to do certain things

Data breaches hit all-time record high in 2016 with an increase of 40% over 2015!

You may have already heard about some of the high-profile names that had such breaches in the last few years, such as Three Mobile (UK), French naval defence contractor DCNS, Vodafone (Germany), Tesco Bank (UK), Bundestag (Germany), the Czech Ministry of Education, the Irish Department of Social and Family Affairs and Kiddicare (UK). We could go on, and there will be more of these stories coming for sure!

Data Protection Laws are long overdue an overhaul. For example, most Data Protection Acts have not been revisited since the late 90s at best, and since then the world has changed radically, with the internet, cloud and mobile changing the volume of interactions and data exchanges taking place.

What GDPR is

GDPR is the new law that requires, from May 2018, any business that operates in the EU or handles the personal data of people who reside in the EU to implement a strong data protection policy to protect this client data. It is the EU’s way of giving customers more power over their data and less power to the organisations that collect and use such data for monetary gain. Businesses that fail to meet the new standard will face fines of up to 4% of global turnover or €20m (whichever is larger), and businesses that suffer a data breach without having adequate measures in place will suffer the same.

So this is a law, something mandatory you need to take action on as a Director of a firm with Director liabilities, and something that your customers care about. See this not as a threat but as an opportunity to get your ship in shape and proudly state to customers that you have been on GDPR training and are taking action with processes to be a good, caring supplier. Consider putting a “GDPR and how we care for your data” section on your website, alongside “Contact us” and “About us”.

What Action you need to take… (and Don’t Panic)

You need to be prepared as a business to take action now and to mitigate the risks you face.

Do not assume you are immune from a security leak of data and that you can deal with it afterwards! By taking action now you can help reduce the risk of it happening, and taking demonstrable action will provide you with a defence should the worst happen.

The May 2018 deadline may seem a long way off at the moment, but businesses must act today in order to understand what it will take for them to achieve compliance, and to have time to do it without panic while fitting it in alongside the day-to-day running of the business.

You need to get the ball rolling and have a plan of actions for your journey to GDPR, so that come 2018 you have no panic, no worries and can assure your customers of your compliance.

There is much talk, for example, that every organization will need to appoint a Data Protection Officer and that failure to do so will expose you to possible huge financial sanctions. In some cases this may be required; you need to understand this now, along with the most effective plan you can take to ensure you are compliant in the most effective manner for your business.

The last Information Commissioner’s Office survey found that 75% of adults in the UK don’t trust businesses with their personal data. So as well as being legally compliant, you can also utilise this in a positive way so that your clients are assured in dealing with you.

You will find many offering 3-day courses and/or complex, expensive consultancy, and whilst for some this may be appropriate, for most, allocating someone in your business to own the process as a special project and sending them on a day’s awareness and process training workshop now will get you on the way, with plenty of time to work it out well for your business.

If you wish to know more and find out what sort of training options are available and their costs, check out gdpr.direct

Ian Moyse

Ian Moyse is Sales Director at Natterbox, a Cloud Telephony provider, and has over 30 years of experience in the IT Sector, with 25 of these in Leadership roles. He was named #1 on the top 100 cloud influencers list in 2015-2017 and #18 on the IoT influencers list. He is recognised as a leading cloud Blogger and was listed in the EMEA top 50 influencers in Data Centres, Cloud & Data 2017. Ian can be followed on Twitter here: www.ianmoyse.cloud. In 2015 he was named 48th most connected on LinkedIn Worldwide and awarded a LinkedIn Power Profile as a top 10 Influencer in the UK technology sector. Starting as a Systems Programmer at IBM in the mainframe environment, he has held senior positions in both large and smaller organisations, including Senior Vice President for EMEA at CA and Managing Director of several UK companies. Moyse has been keynote speaker at many events and runs one of the largest Channel Discussion Groups worldwide on LinkedIn. He sits on the board of Eurocloud UK and the Governance Board of the Cloud Industry Forum (CIF), and in early 2016 Ian was appointed to the Board of FAST (Federation Against Software Theft) as their cloud advisor. Other accolades to Ian's name include being awarded the global 'AllBusiness Sales AllStar Award for 2010' and the 'European Channel Personality of the Year Award for 2011'. He was named by TalkinCloud as one of the global top 200 cloud channel experts in 2011 and listed on the MSPMentor top 250 list for 2011, which tracks the world's top managed services experts, entrepreneurs and executives. Ian was also given the accolade by Channelnomics of 2011 Influencer of the Year for Europe.

Recognition:
✔ Sales Director of the Year 2015 (Institute of Sales & Marketing Awarded)
✔ Sits on the board of Eurocloud UK & Governance Board of Cloud Industry Forum (CIF)
✔ 2014 Ranked 9th worldwide in top 50 most influential people in Sales Lead Management (SLMA)
✔ Klout Social Score 79
✔ TalkinCloud global top 200 cloud channel experts 2011
✔ Listed on MSPMentor Worldwide top 250 list for 2011 & 2014
✔ Listed in top 25 of the worldwide SMB Nation 150 Channel Influencers list 2012 & 2013

https://about.me/imoyse