GDPR is Coming May 2018 – Is Your Customer Data Protected?

4th September 2017 | April 3rd, 2024 | Cyber Security, GDPR | 4 min read

Cyber-attacks and data breaches are a real threat to businesses in every sector. We’re collecting more and more personal data from customers each year, and this isn’t just valuable to businesses – it’s prized by criminals. In 2016, one in five British businesses fell victim to a cyber-attack.

To try to combat the growing number of cyber-attacks, the EU is introducing new legislation in 2018 designed to update and harmonise data protection laws and protect private data. It’s called the GDPR, or General Data Protection Regulation, and every business that works with EU customers will need to prove it is compliant, or risk heavy fines.

In this article, we take a look at the current climate, before exploring the new regulations, and looking at what UK businesses can do to ensure they are ready for GDPR.

Cyber Crime Statistics

Cyber-crime is a growing problem across the world – and it’s not just big names like TalkTalk, BT, and Tesco Bank that have been targeted.

According to the UK Chamber of Commerce, in 2016:

  • 20% of UK businesses were victims of a cyber-attack
  • 42% of firms with over 100 employees were targeted by a cyber-attack

Despite this, just one in four firms have a security measure in place to protect their customers’ data. Most businesses simply aren’t adequately prepared for a cyber-attack, and should they be targeted, their customers’ personal data could be at serious risk.

GDPR – Key Facts for Businesses

GDPR legislation comes into effect on Friday 25th May 2018, and sets out clear guidelines designed to protect data and privacy for EU citizens. It establishes how businesses can collect, protect, process and manage all personal data, according to the following principles:

  • Data must be kept only for as long as is necessary for processing
  • Data must be processed in a manner that ensures its security
  • Data must be processed fairly, lawfully and transparently
  • Data can only be collected for specified, explicit and legitimate purposes
  • Data must be adequate, relevant and limited to what is necessary for processing
  • Data must be accurate and kept up to date

Whilst GDPR is an EU regulation, it will also have a big impact on businesses outside the EU (including UK businesses post-Brexit). In fact, every business that wants to collect the personal data of EU citizens will be subject to the legislation.

The risks of non-compliance

Businesses of all sizes that fail to prepare and don’t comply with the new GDPR legislation risk heavy financial penalties. Should a company be compromised or be subject to a successful cyber-attack that results in personal data being compromised, it will be fined.

For top-tier infringements resulting in the loss of sensitive data, businesses can be fined 4% of global turnover, or a flat fine of €20M – whichever is the higher. With stakes so high, businesses need to take action, or risk punishing fines that could have a catastrophic effect on business performance and operations.

Get GDPR Ready with Holistic IT

At Holistic IT, our specialist team of cyber security experts are here to help UK businesses in every industry to prepare for GDPR – ensuring that all our customers have the right systems and robust solutions in place to effectively manage and protect private customer data.

Providing a full service, from analysis and consultancy, to solution supply and implementation, our expert teams will ensure that your business is ready and GDPR compliant.

Additional information about our GDPR support service can be found here. Alternatively, please call 01302 23 50 50 or email info@holistic.it for advice, or to discuss your requirements with a member of our team today.