Cyber-attacks and data breaches are a real threat to businesses in every sector. We’re collecting more and more personal data from customers each year, and this data isn’t just valuable to the businesses that hold it – it’s prized by criminals. In 2016, one in five British businesses fell victim to a cyber-attack.
To address the growing number of cyber-attacks and data breaches, the EU has adopted new legislation that applies from May 2018, designed to update and harmonise data protection laws and protect personal data. It’s called the GDPR, or General Data Protection Regulation, and every business that processes the personal data of people in the EU will need to be able to demonstrate that it is compliant, or risk heavy fines.
In this article, we take a look at the current climate, before exploring the new regulations, and looking at what UK businesses can do to ensure they are ready for GDPR.
Cyber Crime Statistics
Cyber-crime is a growing problem across the world – and it’s not just big names like TalkTalk, BT, and Tesco Bank that have been targeted.
According to the UK Chamber of Commerce, in 2016:
- 20% of UK businesses fell victim to a cyber-attack
- 42% of firms with over 100 employees were targeted by a cyber-attack
Despite this, just one in four firms have security measures in place to protect their customers’ data. Most businesses simply aren’t adequately prepared for a cyber-attack, and should they be targeted, their customers’ personal data could be at serious risk.
GDPR – Key Facts for Businesses
GDPR applies from Friday 25th May 2018, and sets out clear rules designed to protect the personal data and privacy of individuals in the EU. It establishes how businesses may collect, protect, process and manage personal data, in line with the following principles:
- Data must be kept only for as long as is necessary for processing
- Data must be processed in a manner that ensures its security
- Data must be processed fairly, lawfully and transparently
- Data can only be collected for specified, explicit and legitimate purposes
- Data must be adequate, relevant and limited to what is necessary for processing
- Data must be accurate and kept up to date
Whilst GDPR is an EU regulation, it will also have a big impact on businesses outside the EU (including UK businesses post-Brexit). Any business, wherever it is based, that offers goods or services to people in the EU or monitors their behaviour, and collects their personal data in doing so, is subject to the regulation.
The risks of non-compliance
Businesses of all sizes that fail to prepare and don’t comply with GDPR risk heavy financial penalties. A successful cyber-attack that compromises personal data does not trigger a fine automatically: penalties are imposed by the supervisory authority (the ICO in the UK) where an organisation is found to have failed in its obligations, for example by not having appropriate technical and organisational security measures in place, or by failing to notify the authority of a breach within 72 hours of becoming aware of it.
Fines are set in two tiers. Failures in security measures or breach notification fall under the lower tier, with fines of up to €10M or 2% of annual worldwide turnover, whichever is the higher. The most serious infringements – such as breaching the core processing principles or data subjects’ rights – carry fines of up to €20M or 4% of annual worldwide turnover, whichever is the higher. With stakes so high, businesses need to take action, or risk penalties that could have a catastrophic effect on business performance and operations.
Get GDPR Ready with Holistic IT
At Holistic IT, our specialist team of cyber security experts is here to help UK businesses in every industry to prepare for GDPR – ensuring that all our customers have the right systems and robust solutions in place to effectively manage and protect private customer data.
Providing a full service, from analysis and consultancy, to solution supply and implementation, our expert teams will ensure that your business is ready and GDPR compliant.
Additional information about our GDPR support service can be found here. Alternatively, please call 01302 23 50 50 or email firstname.lastname@example.org for advice, or to discuss your requirements with a member of our team today.