Get Aligned!

As you now know, the UK public voted out in the EU referendum – it is a significant event in UK politics and perhaps the most important vote many of us will ever make. However, it has left many UK businesses facing uncertainty, especially in terms of EU legislation compliance. While a leave vote may make certain laws irrelevant, other regulations governing international relations will still be very much applicable.

In 2018 the new General Data Protection Regulation (GDPR) comes into force, designed to harmonise data protection laws across the EU. Even after we have left, GDPR will still apply to businesses that trade with any member states – so global organisations need to be aware of key factors to ensure compliance.

Awareness of GDPR is significantly lower in the UK than in other countries. According to a survey by Trend Micro, 87% of IT decision-makers in Germany are planning for GDPR compared with only 50% of UK IT decision-makers. This means that many UK businesses could be on the back foot when the legislation comes in, needing to make significant changes to the way they handle data to ensure best practice.

Get Ready For GDPR!

If you haven’t started preparing your business for GDPR, it’s not too late. 2018 may be the date GDPR becomes law; however, there will be a two-year adoption period, after which it becomes enforceable across the EU by data protection authorities and the courts. Non-compliance will result in sanctions under a tiered fine structure.

For example, a company can be fined up to 2% of its global revenue for minor infringements, including not keeping records in order or not notifying the supervisory authority and data subjects about a breach. For more serious infringements, such as violations of the basic principles of data protection, organisations can be fined up to 4% of global revenue.

These fines are significantly higher than the sanctions currently handed out by the UK’s Information Commissioner’s Office and, alongside the other costs associated with the fallout of a data breach, could seriously affect an organisation’s profitability and business.

So what does your company need to do to ensure compliance?

Step 1: Get Documentation in Order

Data protection authorities must be able to review privacy policies, procedures and documentation at any time: get them in order and keep them up to date. ISO 27001 is a great place to start for helping you achieve compliance.

Step 2: Appoint a Data Protection Officer

If your organisation has over 250 employees, or if the core activities of your company involve ‘systematic monitoring of data subjects on a large scale’ or large-scale processing of ‘special categories’ of data, you must appoint a Data Protection Officer (DPO). There will be an increase in demand for this role as the deadline nears, so look to begin your recruitment process as soon as possible.

Step 3: Form a Governance Group

Regardless of whether you need to appoint a DPO or not, you should also form a governance group (led by your DPO or a senior executive) to oversee all data privacy activities and measure results.

Step 4: Put ‘Right to Be Forgotten’ Procedures in Place

A significant factor of GDPR is the ‘right to be forgotten’, allowing any individual to request that their data and personal information be erased from an organisation’s records. Your organisation will need to develop a strategy for data classification, retention, collection, destruction, storage and search, covering every channel through which data is collected. Remember, you must be able to provide evidence at any time that records are actually being erased when requested.

Step 5: Design a Breach Notification Procedure

A data breach that results in a risk to individuals’ data must be reported to the supervisory authority within 72 hours of discovery. This may mean improving your data breach detection systems, as well as your response and incident management processes.

Step 6: Promote a Culture of Data Protection

Data breaches are often insider jobs, whether through human error or malicious intent. Awareness, training, robust privacy policies and stronger privacy controls will all help your organisation comply with these new data protection laws.

Our enterprise data security and threat intelligence solutions can also help organisations comply with GDPR. Whether you’re looking for an audit of your current services to see what work needs to be done, or whether you know exactly what solution you need, get in touch – we would love to discuss how we can partner with your business.

Say hello at hello@oryxalign.com or give us a call on +44 (0)207 605 7890.
