A local company have issued an urgent warning to fellow business owners ahead of a new EU privacy regulation (GDPR) set to become effective from 25th May 2018.
The EU Parliament has seen a lot of to-ing and fro-ing on the issue over the years, but it has finally set a date for implementing a strict zero-tolerance policy towards data protection.
Any organisations that fail to comply with the GDPR will be charged with a fine of £17.2m (€20m) or 4% of their annual turnover – whichever is higher.
Leigh Cowell of Kingston Memory Shop, Preston-based encryption experts, warned: “If you work in healthcare, IT, public services, finance, education or sales, you need to take action right now. This applies to all of us and we can’t afford to simply ignore it. The message from the GDPR is clear - reconsider how you collect and store personal data or take a hit. It’d be such a huge shame to see thriving local businesses suffer over something so easily avoidable.”
Kingston Memory Shop’s range of GDPR-ready encrypted USB flash drives can assist organisations in securing their data, in preparation for the update.
The new legislation has laid out new requirements for businesses, including:
Organisations over a certain size must employ a Data Protection Officer to ensure data is responsibly collected and appropriately secured.
Data security breaches must be immediately reported to the ICO, no later than 72 hours after the breach occurred.
Individuals are entitled to ‘the right to be forgotten’, which would withdraw consent for the use of their personal data.
Whilst 69% of businesses say their senior management consider cyber security a very or fairly high priority for their organisation, only half of businesses have actually taken recommended actions to identify cyber risks. The Information Commissioner’s Office (ICO) have warned that “we’re all going to have to change how we think about data protection.”
What is classed as ‘sensitive’ data?
In the digital era, defining ‘sensitive’ data can be complex. It is no longer just names, addresses and credit card details but also the likes of cookies and IP addresses.
For organisations that don’t collect personal online data, the collection of such information in the form of HR records and customer lists may already be compliant with Data Protection regulations – but appropriate security and encryption of this data is now mandatory rather than recommended.
How can businesses make sure that they are protected?
Data transportation by employees can leave businesses susceptible to data breaches, and thousands of companies have already reconsidered their approach to personal data in order to avoid the tough penalties enforced by the GDPR.
Data encryption ensures that, should the data fall into the wrong hands, it is incomprehensible and meaningless.
If you think your company might be affected by the new GDPR and would like more information, speak to Kingston Memory Shop’s online chat team or call them on 01772 316708.