In short, not yet, you just need to ensure you have a GDPR compliance plan in place, so now is the time to act.
Just in case you have been hiding under a rock lets quickly cover off what GDPR compliance is all about. The GDPR, or the EU General Data Protection Regulation, comes into effect on 25th May 2018. It is a new law that is designed to strengthen the privacy and protect data for citizens of the EU countries.
The GDPR applies to ‘personal data’ of ‘natural living’ people and will cover both automated personal data and manual filing systems.
GDPR will affect all organizations that collect and store sensitive personal data on EU citizens (i.e. health data, email addresses, photographs, biometrics, social security/national identity numbers etc). Even organizations based outside of the EU must comply with the GDPR if they store data on EU citizens. So, if you have a single customer from Europe in your database, you are likely to have to comply with the GDPR.
How will GDPR affect you?
One of the main purposes of the GDPR is to give authorities greater powers to take action against businesses that are not GDPR compliant. This could be by losing data, or not following the data protection requirements. The penalty for a violation is big, with fines up to €20 Million Euros or 4% of the annual global revenue (whichever is higher). Not to mention any other costs associated with a data breach, such as loss of reputation/goodwill, breach notification costs, credit protection for effected customers, and so on.
Whilst the main focus of GDPR compliance is on data security and data protection, the regulation contains much more than that. Internal procedures, backup/recovery, consent, “one-stop-shop” reporting, why data is collected, and the right to be forgotten are all included.
Although there seems a lot to do to ensure GDPR compliance, many of the areas covered by the GDPR can actually be beneficial to companies. For example, the “one-stop-shop” reporting removes the tedious task of having to communicate with separate legal regulating authorities in each of the EU countries in the case of a breach, and companies can instead deal with one authority in one place – most commonly in the country they are domiciled, or have the most prominent presence.
In fact, the GDPR, if implemented correctly, could help you to get closer to your customers, drive innovative new services and increase revenue rather than be a regulatory barrier to business.
What is the main cause of data breaches today?
In 2016, Hacking or malware lead the way with 57%, followed by unintended disclosure with 23%. In fact, incidents caused by hacking or malware represent over 90% of all the breached records last year. A staggering amount of data that could have been protected with better security.
Encryption is universally acknowledged as one of the best ways to prevent data breaches, to mitigate risks and to maintain GDPR compliance. In most cases – encryption is one of the absolute best measures to prevent data loss. GDPR regulation (article 34) specifically calls out encryption as being a method of keeping data secure in the event of a data breach.
What do I need to do to gain GDPR compliance?
Under the GDPR, there are a few things that you HAVE to do:
Implement security measures to protect personal data – Encryption is recommended to protect data throughout the regulation, widely agreed to be the best data security measure.
Notify affected parties in the event of a personal data breach – Has to be done without undue delay. If you can prove the data was encrypted you may not need to notify the individuals concerned.
Pay fines in the event of a personal data breach – If the data was encrypted it’s highly likely that no fines will be imposed
Encryption alleviates ALL of these.
Premier Choice Internet recommend that companies, even if you decide to do nothing else to get ready for the GDPR, stop the top reasons for data loss: Hacking and malware and lost or stolen devices. If you want to reduce more risk, then go to the next step and stop the bad guys at the door. And finally, if you want to protect yourself against the really tricky reasons for data loss, for example human error and unintentional data leakage, you need next-gen Synchronized Encryption that keeps all individual files secure wherever they go, even when emailed externally, copied to USB drives, or uploaded to the cloud.
Seem complicated? Luckily for you, Premier Choice Internet are experts in GDPR compliance so let us do the hard work for you. We can provide process and data flow mapping toolkits, analysis reports, staff training portals and cyber security recommendations and implementation appropriate to you. So don’t wait until the last minute, contact us today and get your GDPR compliance sorted in good time for the deadline.