Four things every business needs to know about GDPR

Brexit won't mean you can ignore the new EU data protection regime.

by Kavitha Muniandy
Last Updated: 18 Oct 2017

By May next year, all UK businesses will have to ensure they are GDPR compliant. In layman's terms, customer data will soon have to be handled with kid gloves.

Not even the smallest companies are exempt from this new piece of EU legislation, which comes after two decades of varying interpretations of the existing data protection rules have left privacy laws between EU countries inconsistent.

The increasing sophistication of cyber crime, and the soaring incidence of information security breaches, leave most in agreement that the existing data protection directive is no longer fit for purpose.

British businesses with half an eye open will either have been on the receiving end of the scaremongering, or been pitched the services of GDPR experts and data protection officers, that vary wildly in quality.

Here are four things all – including the smallest – businesses need to know about GDPR, ahead of the deadline of 25 May:

1. The scaremongering is justified. All UK businesses that hold data or buy data lists – however small, and irrespective of Brexit – will have to comply with this new regulation by the deadline. Those who don’t risk a fine worth 4% of gross annual turnover, and run the gauntlet of negative PR and nosediving customer confidence, in the wake of a data breach. The widely bandied theory that GDPR is the next Millennium Bug – i.e. nothing but a storm in a teacup – isn't an applicable analogy, because this is about taking steps to diminish risks to personal data now and in future (not something that might happen at midnight).

2. Brexit won’t save you. It’s almost a given the UK will adopt GDPR, even with our planned exit from the EU. And, with the May 2018 deadline well ahead of a rumoured departure date, businesses should prepare regardless.

3. It’s good for business as well as customers. Data privacy is treated as a basic human right under GDPR, meaning customers can have more faith in the many businesses they entrust their data with. Cyber crime is a very real scourge and, although compliance is undoubtedly an administrative pain for businesses, the benefits far outweigh the hassle. GDPR will force companies to look more closely at their information security strategy and consider the new impact of a catastrophic loss of data. Meeting ISO 27001 – the new information security standard – will demonstrate to customers and stakeholders their information security policy is robust and fit for purpose.

4. This isn’t a one-off task, it’s an ongoing commitment. Of course, companies must first assess the state of play to ascertain if they are already compliant, and lay the foundations for the prevention of security breaches using recommended techniques such as encryption, anonymisation and pseudonymisation. But the possibility of a data breach can never be completely eliminated, even with preventative security measures in place. The GDPR recommends monitoring and alerting to detect such breaches. This is why the job is never done.

Kavitha Muniandy is European manager at IT outsourcing provider Soitron UK

