GDPR is without doubt the most discussed topic at every business gathering right now, from small club get-togethers to large networking events. The EU General Data Protection Regulation has been coming for a while, but with the ‘enforcement date’ of May 25th is just on the horizon, the marketing activities of companies in a position to exploit gaps in GDPR knowledge have ramped up considerably.

Some of the tactics being employed seem a little on the scary side. Type ‘GDPR’ into any search engine and you’ll see what I mean. ‘How prepared are you for GDPR?’ ‘Will You Be In The 20%?*’ ‘Fines Of Up To €20 Million’… and the bulk of the paid ads are from IT/tech/cyber security firms.

Let’s be clear here – GDPR is NOT an IT issue. It is an update to the existing data protection regulations, which in the UK is covered by the Data Protection Act. GDPR addresses some of the shortcomings of the existing regulations and has increased the fines for those who do not comply dramatically, enough to give headline writers a field day it would seem.

So why is GDPR the buzzword in IT right now? Because it has turned the spotlight on data management and how businesses handle their stored information, especially personally identifiable or sensitive data. Since the bulk of an organisation’s data handling, processing and storage is likely to be electronic in nature, cyber security has been bumped up the agenda of any business looking to ensure that they comply with the new legislation.

I don’t believe any company currently complying with the existing DPA has much to be scared about, as long as you have a robust cyber security strategy and you have only the data you need. Do an audit of your data to start with – once you know what you hold you can interrogate why you have it and whether you even need all of it. The data that you retain may need consent in order for you to process it – GDPR gives increased power to the individual in terms of the storage and use of their information.

On a technical level, the advice I give is that you should expect to be hit by a breach – security solutions can and will fail. This is not a ‘scare tactic’, it should shift your focus onto doing everything you can to minimise the impact when it does happen. Get expert advice on your access, control and security systems, deploy multiple layers of technology to ensure threats are caught and implement network segmentation to minimise the chance of human error.

There are practical things that you can do right now to make sure you’re ‘cyber-ready’. Go to a seminar or workshop being held in your area that can tell you more about GDPR and has hosts that can answer your specific questions. I’ll be speaking at one later this month in Thirsk where I will outline the key issues on protecting your business against data loss, preventing reputational damage and avoiding business interruption. I will be supported by Alex Craig from Muckle LLP who will explain the key points of GDPR and the potential legal consequences should you fail to comply.

The clickbait headlines may make for scary reading, but with the right advice and a good cyber security strategy, there is no need to fear May 25th.

Venue: The Courtroom, Rural Arts, The Old Courthouse, 4 Westgate, Thirsk YO7 1QS
Date/time: 8.30am registration for 9am start (one hour briefing), Friday 23rd February

Please RSVP to Carol White, cwhite@razorblue.com.

*20% is the figure being quoted currently as the amount of businesses that WILL comply with GDPR come May 25th.