GDPR: What’s it all about?

GDPR: What’s it all about? Understanding GDPR…

Regardless of ‘Brexit’, the European Union’s General Data Protection Regulation (GDPR) will be implemented into UK law come May 25th 2018. This is going to bring about a whole world of change to how organisations handle data, with promises of heavy fines for those who fail to comply. The 91-article regulation was announced almost two years ago now, will ensure every organisation is accountable for the data it processes regardless of the size and sector.

It’s essential for every organisation and business to understand the importance and details surrounding GDPR as there are hefty fines up to €20 million or 4% of annual turnover, whichever is greater. The regulation is being introduced in a bid to combat the increasing amount of data breaches reported in the past couple of years, with some high-profile cases such as Sony PlayStation, LinkedIn and Yahoo amongst others.

One of the most important articles is Article 35, Data protection impact assessment, requires that some companies appoint a data protection officer. This will be of importance to companies that process sensitive data surrounding health, ethnic origin, religious belief etc. A data protection officer will be required to advise the company about compliance issues and ensuring that they’re sticking within the legislation.

The basics:

  • The EU Parliament approved the implementation of GDPR in April 2016
  • GDPR becomes UK law on 25th May 2018
  • GDPR is part of the EU Commissions Digital Single Market strategy
  • The ICO is likely to represent the UK on EU Data Protection Board
  • GDPR will still apply, even after ‘Brexit’
  • A data breach must be reported to relevant authorities within 72 hours
  • The fine for breaching GDPR will be 4% of turnover or 20 million Euros – whichever is greater

GDPR has the potential to scare organisations off moving to the cloud, but why? Well, it appears some are still reluctant to trust the cloud as a secure place for storing their data, something made all the more ludicrous given that research has found that almost 70% of security incidents within the Public Sector were caused by users in 2015/16.

Why is GDPR so important?

  • 73% of enterprises indicated security as a top challenge holding back SaaS adoption
  • 87% of senior managers admit to regularly uploading work files to a personal email or cloud account
  • 75% of all network intrusions are due to compromised user credentials
  • 80% of employees admit to using non-approved SaaS apps in their jobs
  • The average number of days that attackers reside within a victim’s network before detection is over 200 days

These are frightening statistics, especially considering the lapses in following basic security procedures by senior employees. Those that really should know better. Make no mistake though, making these errors after GDPR’s inception will significantly damage your company’s reputation and hit you with a heavy fine in the process. The best thing now is preparation. And the best solution is the cloud, letting Microsoft handle your data and protect it – giving you one less problem to worry about.



About the author