GDPR: Why Cyber Security Has Never Been So Crucial
In just over eight months, one of the most far-reaching and comprehensive pieces of European regulation will change the face of how data is stored, handled and protected. The EU General Data Protection Regulation (GDPR) represents one of the most notable changes in worldwide privacy law in two decades and will call for businesses of all sizes to reinforce the processes and safeguards they have in place to protect sensitive data. Fail to do so, and substantial financial penalties will result.
May 25th is the key date for the business diary. This is when GDPR becomes law, and there is plenty to do in order to be ready for the new regime. Eight months really isn’t very long considering the potential enormity of the task that lies ahead.
GDPR – That’s not for me, is it?
GDPR applies to every business across the globe that provides goods and services to, or tracks or creates profiles of, EU citizens, regardless of whether or not that business is EU-based. Basically, if you do business with any EU-based audience, you will need to comply with GDPR.
Whilst this is an EU regulation which will automatically fall away once the UK leaves the European Union, it is likely, according to UK government announcements, that the UK will adopt domestic legislation to retain it in whole or in part. So there is no Brexit-related get-out clause.
The Regulation will increase expectations and rights concerning data privacy, and will push organisations to follow strict cyber security practices.
Non-compliance will result in hefty fines. Poor data security that leads, for example, to public exposure of sensitive data (in other words, a ‘serious violation’) could land a business with a fine of at least €20 million, or 4 per cent of global turnover, whichever is greater. Even less serious incidents would result in a fine of either €10 million being levied, or 2 per cent of global turnover.
Blog submitted by IQinIT – Clever about IT