While GDPR may appear burdensome to organisations, the level of data protection and security that it will bring to EU citizens across all industries is unprecedented and something that we all will be glad to see implemented, writes Jon Szehofner, partner at GD Financial Markets.

The 2018 compliance deadline for the General Data Protection Regulation (GDPR) is rapidly approaching, and firms are racing to adhere to these new rules by 25 May.

As the issues of ownership and control of business and personal data are increasing in prominence, cybersecurity and technology resilience have become integral parts of companies’ operations.

The surge in security breaches over the past few years alone demonstrates that criminals value and seek raw, personal and business data. Recent examples include the 9,000 Tesco Bank customer details breached in 2016, the theft of 45.5 million people’s data from Equifax in 2017, and the loss of $81m (£60.1m) from Bangladesh’s Central Bank accounts using the SWIFT network.

The GDPR holds increasing relevance in today’s society because it is not just another financial or regulatory hurdle for firms to navigate. In an ever more online world, where data is an ever more valuable commodity, protecting our personal information is crucial.

Should businesses fail to comply with the regulations, they could be exposed to some fairly hefty financial and reputational consequences. Transparency and compliance will be crucial for those who want to avoid regulatory scrutiny, a fine of up to 4% of their global revenues, or damage to their hard-won reputation.


As a piece of European legislation, the GDPR sets the standard for data protection across all industries both within and outside the union. Data protection for individuals, both within the EU and with respect to the movement of their data outside of the European Economic Area, will be strengthened. Whether your business is a local SME or a global enterprise, the consequences of non-compliance will be damaging.

As recent events such as the Cambridge Analytica scandal suggest, the stakes relating to the social, economic and political value of data have been raised for companies, individuals and governments across the world. Consequently, local GDPR regulators will take an active approach to adherence to the rules and spirit of the regulation.

The regulation states that breaches include, but are not limited to, the misuse of data, such as when an individual’s data is used in marketing material where permission has not been given, or when appropriate security is lacking, leaving companies and individuals open to criminal activity.

How are firms preparing?

Many businesses recognise the need to develop appropriate governance, process and systems to enable them to comply with GDPR on an ongoing basis.

While IT departments work to upgrade and secure tech systems, HR teams will need to instruct employees in the new requirements and to communicate them to clients. Some firms have opted to hire dedicated Data Protection Officers; others have appointed people on a voluntary basis or appointed external agencies.

The extent to which firms are prepared for the incoming regulation is dependent on the company and its board accepting the importance of GDPR – not only from a compliance perspective but also from the perspective of the benefits that can arise from a well-considered change programme.

This process will require teams to understand and monitor everything from technology contracts to cloud-based software services. Indeed, a recent Deloitte survey showed that only one in ten global companies effectively monitor and identify data activity by their sub-contractors and, instead, rely on third parties to examine fourth- and fifth-party activity.

It is important to note that all organisations will be held responsible for use of data on their behalf and, consequently, it is imperative that they are organised and understand what data they are responsible for and how it is being used by others.

The real significance of GDPR is where the regulations place the responsibility for compliance. They stipulate that responsibility lies with a board-level member of the company, and that evidence is needed to demonstrate that the company has taken clear steps in its attempts to comply.

Firms that fail to recognise and track the origin of their data may struggle to develop well-defined systems for GDPR. The size of a firm is not always the defining factor in this issue – the number of different systems in use and the ease of tracing data relating to an individual are what count.

Firms will need to conduct internal audits of the data they hold to understand where it originates, to decide whether this information should be corrected or changed, and to record the procedure for future reference within the firm.

It is also important that firms continue their efforts and do not cease implementing these standards after the May deadline has passed.

In 2016, the UK Financial Conduct Authority revealed that the number of reported incidents of cybercrime within its jurisdiction had jumped to 75 for the year to date, from five in 2014.

If the regulator’s fine is not enough to incentivise companies into action, the irreversible reputational damage suffered by companies associated with data breaches shows that a serious loss of trust and customer support may follow, and that this will take longer to rebuild than lost revenues.

Firms have very little time to prepare for the introduction of GDPR, and it is important that those at the top of organisations recognise the significance of these regulations. Implementing compliance may seem monotonous, but once the initial systems are in place, GDPR will make doing business safer and more in line with the social and political direction that technology is taking us in.