The Business Exchange Bath & Somerset Issue 6: Winter 2017/18 | Page 20
FOCUS ON GDPR
The General Data Protection Regulations (GDPR): what is it and are you ready?
by Ian Sandham, Branch Director, for Bluefin in Bath
Data protection and privacy laws are currently a very hot topic. The biggest reform in
two decades is currently underway, impacting businesses across Europe. But do you
know what it means and more importantly how it will impact you and your business?
The impact

The new legislation, redesigned for the 21st century, gives both private and business customers increased rights and controls over their personal data held by your business. You will be required to:

• Acquire explicit consent from customers before collecting sensitive data
• Obtain consent from parent/guardian before processing data for minors
• Demonstrate how “clear affirmative action” was used to gain this consent
• Adhere to new restrictions on how you use data held to “profile” customers
• Understand and adhere to the new and enhanced rights your customers have, including the right to erasure and enhanced access rights
• Demonstrate and verify how you comply with the legislation

Pretexting: hacker makes contact with a seemingly legitimate purpose.

GDPR and cyber risks

When the new legislation takes effect on 25 May 2018, companies could face significant fines for failing to comply. The maximum fine for a breach of the Data Protection Act is £500,000. A breach of the GDPR could result in a maximum fine of EUR20M or 4% of total worldwide annual turnover, whichever is higher. In 2015, 74% of small and medium businesses reported a security breach, leading to an estimated £908m in fines.

It is worth noting fines aren’t the only issue for businesses facing a security breach. Reputational damage, business disruption, and loss of revenue are also key risks.

Fines are not limited to security breaches. The highest fines that may be imposed by data protection authorities relate to infringements of the GDPR concerning the lawfulness of the data processing, data subjects’ rights (including transparency on how individuals’ personal data is used), and international data transfers.

With the increased fines and expanded scope of GDPR, which also applies to data processors, now is the time to review and remediate existing policies, procedures, systems, and documents.

Risk mitigation strategies

It is increasingly important for businesses to evaluate all the risks they face, and include IT security and protection requirements in their overall contingency strategy. It is increasingly important to check if your insurance adequately protects your business against cyber threats.

Not understanding the GDPR is not going to be a good enough excuse, regardless of the size of your business.

For a more detailed overview of your responsibilities under the GDPR visit www.ico.org.uk. If you need more information about protecting your business, why not contact your usual Bluefin adviser or visit our website.
For more info:
www.bluefingroup.co.uk
01225 444553
Citizen Rights
Processing Justifications
The Five W’s - What, Why, Who, Where, When
Transparency
Trust

MyLife Digital’s Consentric platform helps organisations to provide their citizens with transparency, trust and control over the use of their personal data.
Based on GDPR and the Data Protection Bill.
www.consentric.io