How much can it cost you when your data is breached?
Under GDPR, the UK data protection regulator, the Information Commissioner’s Office (ICO), will have more power to defend consumers and can issue fines of up to £17m or 4% of global turnover in cases of the most serious data breaches.
These fines replace the previous monetary penalties (capped at £500,000) and are part of the maximum fines the GDPR sets for non-compliance.
What is the GDPR?
The General Data Protection Regulation (GDPR) is the European Union’s new legislation to protect the personal data of EU citizens.
GDPR replaces the (now ancient!) 1995 Data Protection Directive (DPD); those rules were created as the digital age began and are totally inadequate as far as citizen protection goes. All organisations were given a two-year lead-in period to become compliant, ending 25th May 2018, which is getting closer very quickly.
What does it mean for businesses?
GDPR applies to ALL organisations operating in the EU, or handling EU data. Failing to comply is not just about the fines (although those are obviously pretty significant too); it’s also likely to have a significant impact on your organisation’s reputation.
Here are some areas you will need to consider:
- You need an accurate record of all data operations and activities
- You should always undertake a data privacy impact assessment (PIA) for all systems and new projects
- You may need a data protection officer (DPO)
- You must always inform the supervisory authority of a data breach
- All data processing systems and procedures must be reviewed.
When do you need to do it?
Businesses must be compliant with the GDPR by 25th May 2018.
What can you do about it?
We can help! Data Shepherd can support you with products and the technical expertise required for GDPR, along with contacts and partners who can offer all the other services you will need.