The GDPR train will be leaving the station soon, and if your business isn't ready it might risk breaking the law. The General Data Protection Regulation will be rolled out across Europe on the 25th May 2018. It's attracted a lot of attention from businesses of all shapes and sizes, and with good reason. It's the single biggest overhaul of data protection laws to hit our country for nearly two decades, and it's long overdue. If your business is already complying with current data regulation laws, not a huge amount will change for you, but there are still some things you'll need to be aware of in order to get your business prepared. We'll be covering those things in this article. Similarly, if you're a small or up-and-coming business dealing with lots of customer data and you're not sure what GDPR is or how to make sure your business is compliant, read on.
What is GDPR?
If you're already acquainted with GDPR, feel free to skip this part. For those who don't know much about GDPR, here's a quick rundown. In the 90s, data experienced its first big boom. It was everywhere. Where previously we used the web to surf and send emails, we now used it to do our shopping and apply for goods and services. This meant that we had to put a lot of faith in the companies we did business with and give them our personal data, rendering the old data protection laws unfit for purpose. The mutually agreed European Data Protection Regulation is our answer to this problem, and will change how businesses and public sector organisations are allowed to handle sensitive customer data.
How do you prepare? This is the question all businesses are asking. It's all well and good raising awareness around GDPR and getting your staff talking about it, but what practical steps does your business need to take in order to stay compliant? Here's a quick overview of the main things...
E for effort
This may sound like a given, but the Information Commissioner's Office has clearly stated that it will be lenient on businesses that have "fallen foul" of GDPR as long as they've taken adequate steps to make themselves aware of it. In other words, as long as you can prove that your business has made an effort to adhere to the changes in data law, you're less likely to get hit with a fine.
One of the cornerstones of data law is people's rights, such as the right to access, the right to be informed, and the right to object. Effectively, if you have someone's data on record (such as a customer), you're obligated to comply with them if they request to see it or listen to them if they object to you having it. GDPR is adding to the current list of people's rights, including the right to 'data portability'. You'll need to make sure your business is able to comply with these new rights as well as the existing ones.
Privacy notices are often the last thing business owners think about once they're up and running. Since 1998, it's been a legal requirement to display privacy notices whenever personal information is collected (such as on a website), and those notices have remained largely the same with little need to update. GDPR is expanding on these privacy notices, and will require businesses to demonstrate a lot more transparency, which will no doubt mean a few re-writes.
Data breach reporting
At the moment, reporting a data breach is a good idea - but it isn't compulsory. Under GDPR, that will change. Businesses will be required to report data breaches to their local data protection regulator if there's a tangible risk to people's rights. This will need to be done no more than 72 hours after the breach occurs, and if people's data is at risk of being stolen they too must be informed. Thankfully, this is common practice among many businesses at the moment, but it will soon be enshrined in law, so make sure you're ready.
The first step toward ensuring your customer data is safe is knowing where it's stored. Is it on a local drive? Cloud based? Is it backed up across various locations? For large businesses, storing massive amounts of data can be a messy affair, and over time things get forgotten or brushed aside. Until recently, many businesses took the protection of their data for granted, but with breaches becoming more and more common, that luxury has gone. What you need is a risk intelligence solution, such as the one provided by us at Eurotech Services. A risk intelligence platform will give you a bird's eye view of your data and assess all aspects of risk, giving you an up-to-date and accurate overview of your vulnerability and exposure. Not only can this help you to deal with breaches quickly and effectively when they occur, but it can give you broader visibility and help you stop threats before they can do any damage.
Data protection is all about... well, data protection. What steps does your business take to keep customer information safeguarded? Cyberattacks using the likes of malware and ransomware are more common than ever before, and impact businesses of all shapes and sizes. Even the NHS experienced a breach at the hands of the WannaCry attack last year. Attackers don't discriminate and all businesses are vulnerable: if you have a gap in your armour, they will find it. That's where we come in. We use advanced AV and web protection across your entire system and network to constantly monitor and safeguard against threats. We'll also ensure that your operating system and software are fully up to date with all the latest security patches. Remember, the attack on the NHS could have been avoided had their operating systems had the latest security patch installed.
Dealing with a breach
Building up your defence and gaining business-wide visibility is one thing, but breaches can and do occur. What we're talking about here is the resilience of your business. How does it cope with breaches? Does business grind to a halt? Are your customers impacted? These are very real problems that businesses throughout the UK face at the hands of cybercriminals every day. At Eurotech Services, we do everything possible to shield your business from these attacks and build your visibility and defence, but we also make sure your business is resilient enough to withstand attacks effectively. We use advanced backup and recovery strategies to help ensure that your business keeps moving in the face of a breach.
Accountability and compliance are going to be a huge issue for businesses in the coming weeks, but with the right support and guidance you'll be able to adapt to the new GDPR rules seamlessly. If you have any questions about GDPR or the impact it might have on your business, contact us today.
We also offer our exclusive HealthCheck+ service for free for local businesses with 10 employees or more. This involves a site visit and a full device audit, as well as a 20+ page report for you to keep and share. Call 01442 217099 to see if you're eligible and check availability.