Are companies taking GDPR seriously?

Next story

Data breaches are a problem that a lot of companies don’t actually take seriously, but what are the repercussions of neglecting cyber security?

There have been a host of major data breaches over the past year compromising customers’ personal data; most recently the Equifax hack, which put 143 million people, with 400,000 being in the UK, at risk.

May 2018 will see the current Data Protection Act (DPA) being replaced with the EU’s General Data Protection Regulations (GDPR), which implements tougher penalties for failing to comply with the handling and storing of personal data, as well as increasing the data protection for consumers.

Mark James, ESET IT Security Specialist, looks at the implications of increasing cybersecurity concerns for organisations, including the adoption of the EUs GDPR and what this will mean post Brexit.

“I think most, if not all, organisations at some point are concerned about cybercrime.

“For some it’s a case of hiring the required professional, relying on their expertise and taking the recommendations of them or their team to put into play the right policies and procedures to protect them in case of a cyber-attack.

“For others it can be a minefield, knowing your weak points or trying to understand how an attack works and looking for all the possible attack vectors is not only hard, it can seem almost impossible.

“In most cases you may not even be able to stop the attack, but there are measures you can take to protect the data of your clients: encryption, segregated data, policies and procedures for user access and control are all measure that will help you if things go wrong.

“In May 2018 the GDPR comes into effect. This will affect any company in, or trading with the EU in either paid or free services.

“It will be policy in the UK, for us to be a tradeable nation with strong economic values we will need to adopt the full force of the GDPR.

“The government has confirmed that the UK’s decision to leave the EU will NOT affect the commencement of the GDPR.

“The biggest concern for a lot of us in the industry is the amount of businesses that still think they have loads of time to do something about the GDPR.

“I am sorry to say, but it’s just not true. May is not that far away; some procedures will require professional help to implement and get rolling.

“The government has already stated that saying ‘I am not aware’ or ‘I did not know”’ is not going to cut it, and the fines for non-compliance could be huge, not the £400,000 we have seen so far, as in some cases it could be millions if you have failed to protect.

“But we need to understand the fines are not for being involved in a data breach, it’s for not doing enough to protect your users’ data.

“If you have done all you can and implemented all the possible procedures and taken all the precautions that’s available then you should be safe.”

Are you prepared for the GDPR? Read our guide if you need some help. Let us know how else we can help on Twitter @ESETUK.

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.