By: David Hart
Auditel / E AND H / Membership Associations / Professional Membership Sector
Are you ready for GDPR?
Or perhaps you don’t know anything about it – in which case you’re not alone. At an event with a group of finance directors a couple of weeks ago, over 90% didn’t know what GDPR is or how it might impact their organisations. If you’re not already thinking about what you need to do to comply then you may be at significant risk.
The new General Data Protection Regulation (GDPR) is an EU-wide law that comes into force on 25th May 2018, replacing the current Data Protection Act, tightening data protection regulation and increasing the penalties for a data breach. Under GDPR the maximum fine increases to €20 million, or 4% of global turnover, and Brexit isn’t going to make it go away.
GDPR places stringent obligations on an organisation around the management and use of personal data – and data protection needs to be embedded into all your business processes and systems.
The requirements apply to both automated (IT) and manual systems, and businesses must demonstrate compliance with the key principles, including:
Whilst the regulation also applies to manual and paper-based systems, IT is probably where the greatest risk lies, and businesses and other organisations need to ensure they are adequately protected. We are all aware of the impact of recent ransomware attacks, but many experts feel that the next big ransomware threat is around GDPR – with the potential for a criminal organisation to get hold of your data and then threaten to publish it.