The four letters GDPR caused quite a lot of concern almost a year ago. If you were one of the business people who found it difficult to get to grips with, you were not alone. Getting the technology right and adopting new working practises needed to be done, but ensuring that you are compliant with the legislation is going to be a continuous job.
The General Data Protection Regulation (GDPR) came into force on 25 May last year across the EU and had an immediate impact on the way businesses of all sizes handled their data. Client, customer, and B2B details had to be assessed, to ensure that the information was being stored securely and that a significant portion of control was returned to the entities themselves.
The rules and regulations of GDPR are, like many other pieces of wide-ranging legislation, quite complex in detail but the key points are not difficult to understand and act on. One of the main elements of the new laws that confused many businesses was that it didn't just cover the handling and storage of data, but also affected communication with third parties.
They must now respond to anyone asking what information they hold about them within a month and can’t charge a fee. Individuals and companies can also now ask for that information to be deleted unless it has to be kept for legal reasons. These changes, amongst others, have made data protection and transparency a key part of how all businesses, big and small, operate.
The challenge of being compliant with GDPR could lead to significant fines and penalties levied against businesses that fail to stick to the rules. The fines can be as much as 4% of the annual turnover of a business or €20 million, whichever figure may be higher.
Business owners had to make sure that their ways of working and the tools they used were up to the job. It meant that many had to update systems, educate staff, and change how things were done. But not everyone has succeeded in this task.
The term cybersecurity is in danger of being overused and losing its impact, but it should be high on the list of priorities for any business operating in the current trading environment. GDPR compliance involves cyber safety and security because it is a responsibility of anyone holding data to ensure its protection from hackers and leaks.
Business IT infrastructure must be robust enough to be secure against all types of threats, which means knowing that software is regularly updated and the latest security patches and upgrades are in place and used effectively. This aspect of running a business involves more than choosing a software suite as it impacts on everything, from the devices used to how you and your staff interact with the tools at your disposal.
At GCC, we can offer your business the help and support it needs to make sure your business continues to fulfil its responsibilities under GDPR and has the infrastructure and skills needed to do things properly. Click HERE to find out more about Cyber Security Awareness.