The recent international WannaCry ransomware cyber attacks have made people pay more attention to cyber security and also to data privacy and data protection, especially those who work with the public or hold personal data. If you see this countdown clock and think “it’s ok, we have ages to go yet” then it could be time to sit down.
We realised how much work is involved in evaluating and implementing changes in how we work in our own business, and we are making changes every single day. These things take time and planning and cannot be done overnight. That said, please don’t think that it is all doom and gloom; these changes are coming to help protect everyone’s data, including yours. Rather than worrying about GDPR we should be embracing it. Change the way you work, think before you do. Soon enough the changes you make will become second nature.
Admitting you need to get a plan together and have areas that need attention is the first step. Actually implementing the plan is the next. With less than a year to go, time is ticking, but you do have time to make the right changes. You are not alone; help is available if you need it.
There are some historic changes happening around data privacy and data protection right now. It could mean that the databases you have and the information you hold about your customers are going to be useless or even illegal. In 2015 everyone was given 2 full years to prepare, but many businesses have not even started to do anything about it. We were actually given 2 years because making the changes required takes a lot of time, planning and resource allocation. This is not a quick job. Alarmingly, not that many have even heard about GDPR. What is GDPR, you say?
In May 2018 the GDPR (General Data Protection Regulation) will be replacing the outdated 1998 Data Protection Act (https://ico.org.uk/for-organisations/data-protection-reform/), an act that was put in place before we all had social media accounts, or smart devices, or for a lot of people even email. So what? Will GDPR affect me? The answer is most probably YES!
Even before the 2 year countdown started ticking, The Drum Magazine put out a video that warned digital design and marketing businesses that there did not seem to be much awareness of the changes, and that it should be high on the entire business’s agenda to make good use of the 2 year lead-in as it was no easy task ahead. Even if marketing is not directly your game, if you are in manufacturing, recruitment, health, transport... ANY type of business, there are plenty of case studies to demonstrate action already being taken. (Video used with kind permission from The Drum).
We have all heard about MPs leaving laptops on trains, DVDs with sensitive data going missing in the post, phones being left in taxis – what if this happened to you or one of your colleagues? Are your devices even encrypted? What if a device that you use for work was stolen out of your car, or if you were burgled at home and your laptop went walkies? Could your business continue trading if you were fined tens or hundreds of thousands of pounds? How about millions? A scary thought?
How many people do you know personally who have lost a phone on a night out? Smart phones provide access to lots of personal information, even customer information perhaps, especially if you use your devices for work, have work email set up, or have Google Drive or Dropbox installed. If the unthinkable were to happen, I am guessing it wouldn’t be that bad because you all have 2 factor authentication set up on your tech, right? No?
Hi-tech crime is on the up. Phishing scams and CEO fraud are putting businesses at risk on a daily basis. If it’s not ransomware threatening to lock and delete your data unless you pay up (see NHS Cyber Attack), then it could be keystroke tracking software sat quietly in your browser. Often you don’t even notice, but it can be learning how you talk to your staff and customers, it can send correspondence to your suppliers asking for payment to a bank account that is not yours, and it can even record logins to your bank so that it can empty your account. Information Security is only a small part of GDPR readiness. Are you even up to speed on that?
At present, data loss, breaches, and improper / unauthorised use of personal data, including marketing to people without evidence of opt-in permission, can result in fines of up to £500,000 by the Information Commissioner’s Office. Move forward into 2018 and that will rise to higher penalties of up to £17M/€20M or 4% of GLOBAL turnover (whichever is greater). The action taken will be relative to the nature of the problem, but even a relatively small fine could be disruptive to a business.
It won’t happen to me
If you think “well surely this won’t affect my business” it might be time to think again. We have spoken to people who have said “we will just wait until May 2018 and see what happens”. That could be a very dangerous move indeed.
The ICO are already taking action and issuing fines, not just for breaches, but also to businesses who are contacting customer bases without the proper consent. Flybe and Honda were both recently fined for emailing customers to confirm that they had given consent to receiving communications. See The Register – Flybe & Honda Fines article.
Search by sector
To help drive this home and see how businesses in your sector have already been affected, you can select organisation types and see what sort of action is being taken before the GDPR even comes into effect.
All action, health, marketing, general business, local government, charity & voluntary, finance insurance & credit, online tech & telecoms, criminal justice, land or property services, transport & leisure, education & childcare, media, retail & manufacture, legal, central government, membership association, political, regulators