Data breaches are increasingly making weekly headlines of national newspapers. Whether a breach is accidental or malicious in nature, performed by an insider or an external attacker, it is the loss of data which causes the reputational and often large financial impact to the business.
Organisations have for a long time been playing catch-up in regard to data security and protection. Due to a number of high profile data breaches, industry regulation his increasing its focus on ensuring organisations have in place appropriate protection for personal data.
Under the EU GDPR (General Data Protection Regulation) adopted on 27th April 2016 ( enforceable 25th May 2018) organisations handling EU citizen data can now be expected to be fined up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. They must also only maintain data as long as necessary, and identify all affected individuals within 48 hours in the event of a breach. The UK ICO is now also seeking to align UK legislation and penalties against the regulation.
This represents a challenge for organisations without visibility and control of the type of data they handle, where the data is located and applicable regulations.
The UK’s decision to leave the UK, or ‘Brexit’ has introduced uncertainty about GDPR, however the ICO has made it certain the UK will enact into UK Law either exactly as the GDPR and may make additional requirements. This is because to trade with Counties of the the EU will require compliance with GDPR as the minimum.
Now is the time to implement appropriate data security measures to locate, identify and protect sensitive business and personal data within your organisation, enabling compliance with applicable legislation such as the EU GDPR and UK DPA (Data Protection Act).
Every organisation is different. Our approach is to tailor the solution for you to meet GDPR with comfortable changes to your established processes. We identify the challenges and suggest appropriate and cost effective solutions that fit well with your business or culture.
Secure India (A Group of Cyber Security Specialists) can help organisations to understand what they need to do to get ready to comply with the GDPR, and continue that support if required, into managing the changes to be ready for May 2018 when the GDPR takes effect. A full legal service is also available, upon request.