The race is now on for companies to ready themselves for the big bad (or good, depending on which way you look at it) GDPR to come into force next year.
It seems like an age ago that our MD, Donna Taylor, first mentioned GDPR to the company, and to begin with it seemed to conjure up more questions than answers.
Upon speaking with our customers, many of whom were just starting to hear murmurings of a change in the data protection water, it became apparent that whilst it was something they knew was coming up, it was placed firmly at the back of their minds.
Fast forward 12 months and with the Brexit ‘get out clause’ now firmly slammed shut, it seems that the whole of the UK is talking about GDPR.
To emphasise the importance of Data Protection and the new GDPR, plans for new data protection rules were mentioned as part of the Queen’s speech, and the Queen herself said the UK would retain its "world-class" data protection regime.
In its manifesto, the Conservative party had proposed a Data Protection Bill and the document, further detailing its plans, mentioned some of their key priorities…
- ensuring data protection rules were "suitable for the digital age"
- "empowering individuals to have more control over their personal data"
- giving people the "right to be forgotten" when they no longer wanted a company to process their data - providing there were no legitimate grounds for a company retaining the data
- modernising data processing procedures for law enforcement agencies
- allowing police and the authorities to "continue to exchange information quickly and easily with international partners" to fight terrorism and other serious crimes
Although fines for data loss are already tough, they’re about to get a lot tougher.
Recently, HCA International, Royal & Sun Alliance Insurance and Norfolk County Council were fined for varying data loss incidents, with the fines ranging from £60,000 to £200,000. Once GDPR comes into play, however, these fines will increase drastically.
Technology is only one aspect of GDPR; however, working in the tech industry can sometimes make you blind to other data loss pitfalls.
For instance, Norfolk County Council were fined £60,000 because they left sensitive child welfare documents inside a filing cabinet which was subsequently sold to a furniture shop following an office move.
That being said, technology is still going to form a huge part of GDPR, and let’s face it, sensitive data loss can, more often than not, be attributed to the misuse of technology. How often have we heard of unencrypted laptops being left on trains?
Whilst the misuse of technology is a common problem, we can also look to technology as a way to help us on our journey to becoming GDPR ready.
Products such as Data Loss Prevention, File Integrity Monitoring, eDiscovery, Encryption, Log Management, Privilege Management and Two-Factor Authentication will help you prove to the ICO that you are doing all you can to protect your data, but which of these are a priority?
When investigating technology as part of GDPR, a natural first step is to take part in a Technology Gap Analysis – what is the point in buying the latest and greatest product if you already have these features buried deep inside an existing product set?
This will help you understand what you have in place currently that can be upgraded or tweaked to move you further towards your end goal of data protection tranquillity.
With less than 12 months to go, organisations, whether they like it or not, must now turn their attention to GDPR…good luck!
To speak with an ITB specialist about a Technology Gap Analysis, please call us: