A whitepaper by CenturyLink Emea has just reported that only 25% of legal sector IT decision-makers said their firms were GDPR ready, despite one in five having experienced an attempted cyber-attack in the past month.
Why is there so much apathy surrounding the GDPR, even though there is only six months to go until the compliance deadline of 25 May 2018?
Searching for news on the GDPR brings up reams of doom laden reports on the future threat of huge fines and punitive measures for non-compliant companies.
But maybe this negativity is impacting on our business audience? Maybe the unrelenting pessimism means that some businesses have simply become desensitised to the predictions of disaster and business failure.
Instead, the cyber security industry should be focussing on the fact that the GDPR will be an opportunity for change; a chance to transform and update antiquated business processes.
Businesses won’t be able to avoid the GDPR and nor should they; the new regulation puts the customer at the heart of the business. Data will need to be gathered transparently, kept up to date and accurate, used for the specific purpose, protected securely and deleted if the customer requests.
To deal with the “right to be forgotten” requests, organisations will need to carry out an audit to ensure they know exactly what data they have, and where it is being stored. Out of date data storage will need to be streamlined. Better consumer understanding on the threat of data breaches and mistrust around the misuse of their data is at an all-time high. The GDPR hands significant power back to the customer. It strengthens the rights of individuals to control their own data. This can only be a good thing.
How can organisations take advantage of the GDPR?
It needs to become a number one priority. Instead of relying on fear mongering to motivate your Board, look at the opportunities that come with preparing for the regulation.
Luke Vile, our Cyber Security Director says, “This regulation will compel businesses to streamline processes to make them more efficient, remove worthless contacts from their databases, that are a drain in terms of storage and communication costs, and delete a load of unnecessarily complex information that their business never uses. It enables organisations to assess what data is of genuine value to their business.
Fines have been widely reported. Failure to comply with any of these regulations comes with hefty fines of up to 4% of a firm’s global revenue or £17m, whichever is more.
However, like all regulations, fines are only there as a last result. There will be preceding notifications and audits before any organization faces an actual fine.
Businesses need to realise that instead of a time consuming, expensive process, the GDPR legislative shakeup means that it will only usually be necessary to modify currently applied practices and procedures and if necessary fill in the gaps…
A bit of positivity and realistic reporting might reassure some businesses, and encourage them to see the GDPR as a transformational exercise, that if done correctly, will instil trust in their consumers, and benefit their own business processes.