GDPR: It’s real, it’s expensive and it applies to you too
Written by Shackleton Technologies, 8 November 2018
With threats of potentially enormous fines (€20m+), businesses had plenty of incentive to achieve compliance before the new General Data Protection Regulation (GDPR) came into force. Since go-live in May however, much of the hype has died down; the media has moved on to other topics, as have business owners and shareholders.
But this lack of media interest is not matched by a change in behaviour by European data regulators. In a politically-charged move, AggregateIQ (one of the analytics firms involved in the Vote Leave campaign during the EU membership referendum) was issued with the UK’s first ever GDPR notice.
Due to the complexities of investigating cases of personal data misuse, this likely to be the first of many such notices in the coming months and years.
All the signs are there – the ICO is watching
Spurred by the impending implementation of GDPR – and a 75% increase in data breach reports – the Information Commissioner’s Office (ICO) has been prosecuting offenders more harshly. Statistics published in the Information Age magazine reveal that the ICO levied £5m worth of fines over the past year – a 24% increase on the 12 months period before that.
Now that the maximum fine threshold has risen under GDPR, it is inevitable that the ICO will beat their £5m record – possibly as early as this year.
Important lessons for right now
As the ICO exercises their new powers, it is important to realise that breaches can – and will – be punished. Businesses have a legal and moral duty to protect the personal data they hold, and they need to meet their responsibilities or suffer the consequences.
More importantly still, GDPR compliance is not a one-off occurrence. Instead it is an ongoing requirement to audit the personal data you have, to strengthen your data security provisions, and to manage information in line with customer preferences.
In effect, managing data is a permanent cycle of reviews, checking that new (and old) information is properly aligned with GDPR requirements. And because of the need for ongoing commitment of resources, many smaller firms will struggle to keep up.
Speak to an expert
GDPR compliance is not an issue that will “just go away”. And the imposition of steadily increasing fines for data breaches means that information commissioners will not simply ignore failings in future.
For any organisation struggling to maintain compliance, the only solution is to seek professional help.
And if money is the only factor stopping your business getting the help it needs, just remember that you probably haven't budgeted for a €20m fine for GDPR breaches either.
Ready to learn more? Please get in touch.
What Happened in Barcelona Doesn’t Stay in Barcelona
A few of us from Shackleton visited Barcelona recently to attend DattoCon 2018, a 3-day European event for IT managed service providers like us, who wish to grow their business. It was an action-packed agenda of non-stop learning and networking.
Why you need professional help when Windows updates
The latest Windows 10 update has caused a lot of unexpected problems – you need professional assistance to avoid them.