Four things every business needs to know about GDPR

Brexit won't mean you can ignore the new EU data protection regime.

by Kavitha Muniandy
Last Updated: 18 Oct 2017

By May next year, all UK businesses will have to ensure they are GDPR compliant. In layman's terms, customer data will soon have to be handled with kid gloves.

Not even the smallest companies are exempt from this new piece of EU legislation, which comes after two decades of varying interpretations of the existing data protection rules have left privacy laws between EU countries inconsistent.

The increasing sophistication of cyber crime, and soaring incidences of information security breaches, leave most in agreement that the existing data protection directive is no longer fit for purpose.

British businesses with half an eye open will either have been on the receiving end of the scaremongering, or been pitched the services of GDPR experts and data protection officers, whose quality varies wildly.

Here are four things all – including the smallest – businesses need to know about GDPR, ahead of the deadline of 25 May:

1. The scaremongering is justified. All UK businesses that hold data or buy data lists – however small, and irrespective of Brexit – will have to comply with this new regulation by the deadline. Those who don’t risk a fine worth 4% of gross annual turnover, and run the gauntlet of negative PR and nosediving customer confidence in the wake of a data breach. The widely bandied theory that GDPR is the next Millennium Bug – i.e. nothing but a storm in a teacup – isn't an applicable analogy, because this is about taking steps to diminish risks to personal data now and in future (not something that might happen at midnight).

2. Brexit won’t save you. It’s almost a given the UK will adopt GDPR, even with our planned exit from the EU. And, with the May 2018 deadline well ahead of a rumoured departure date, businesses should prepare regardless.

3. It’s good for business as well as customers. Data privacy is treated as a basic human right under GDPR, meaning customers can have more faith in the many businesses they entrust their data with. Cyber crime is a very real scourge and, although compliance is undoubtedly an administrative pain for businesses, the benefits far outweigh the hassle. GDPR will force companies to look more closely at their information security strategy and consider the new impact of a catastrophic loss of data. Meeting ISO 27001 – the new information security standard – will demonstrate to customers and stakeholders their information security policy is robust and fit for purpose.

4. This isn’t a one-off task, it’s an ongoing commitment. Of course, companies must first assess the state of play to ascertain if they are already compliant, and lay the foundations for the prevention of security breaches using recommended techniques such as encryption, anonymisation and pseudonymisation. But the possibility of a data breach can never be completely eliminated, even with preventative security measures in place. The GDPR recommends monitoring and alerting to detect such breaches. This is why the job is never done.

Kavitha Muniandy is European manager at IT outsourcing provider Soitron UK

