May 25th, 2018 was the day that the Data Protection Act (DPA) 1996 was rescinded and the European Data Protection Regulation (GDPR) and Data Protection Act (DPA) 2018 came into force. Up to 25th May, activity and discussion about GDPR seemed continuous. Mainly the discussion was about massive fines being awarded to the first businesses found in contravention of the regulation on the 29th May (after the bank holiday).
Since the 25th May, GDPR has hardly been mentioned and we have not had any big fines awarded. But the fact that the perceived deadline has now passed doesn’t mean it is no longer relevant. Actually, it will always be relevant, and as knowledge increases and more guidance is made available from the Information Commissioner’s Office (ICO), the work will increase. If you are prepared for this, it will have less impact on your time.
In essence there are two things businesses need to do to become ready for GDPR and the DPA 2018:
- Securing data – regardless of any regulation, securing your data is a sensible thing to do.
It is a fact that businesses still face a 1 in 2 chance of having their data compromised. If your business had a 1 in 2 chance of being burgled, the board or owners would have little hesitation investing in physical security such as alarm systems to prevent loss or damage to property and the resulting inconvenience.
Think for a minute or two: how long could your business survive these days without access to computers? Not many offices are completely IT free. Imagine not being able to invoice, not being able to bank online, or even search for information. We have started to take our technology for granted. We also expect that it is secure ‘out of the box’. The fact is that the technology is not secure ‘out of the box’ but taking a few simple steps can make it secure. Steps that may cost a small amount of money, or possibly nothing to implement.
These steps are covered in the government-backed Cyber Essentials Scheme, a scheme that has been proven to reduce risks of cyber-attack by 80%. By following these steps, you will be:
- Making your business more secure;
- Reducing your chances of business disruption associated with loss of your IT; and
- Fulfilling one of the main requirements of GDPR and the DPA 2018.
- Implement processes to manage data – we are increasingly suffering data and information overload. Largely this is because we manage our data poorly. Historically we were quite good at managing data. This was because paper files were bulky and difficult to store and there were significant costs to storing our data, so we would collect and keep the minimum necessary to run the business. Of late, data storage has become comparatively cheap. This has led businesses to hang on to data ‘just in case’.
Implementing processes to manage data effectively can result in significant cost savings: not only in storage but also in business efficiency.
The IASME standard was written partly with this in mind. Following the principles and guidance of this standard will help you develop data management processes appropriate to your business. In doing this, you will not only see efficiencies and structures to enable growth, you will also meet the last set of requirements of the DPA 2018 and GDPR.
So, if you have a slight lull in activity over the holiday period, why not look at the opportunities Cyber Essentials and the IASME standard may be able to provide. And if you need support, all IASME’s certification bodies have been through the IASME GDPR training course accredited by APMG.