If you hold customer data, be afraid, be very afraid – GDPR is coming to get you!
GDPR – it sounds a bit like a disease, doesn’t it? Like AIDS or H5N1. GDPR is not a deadly virus that threatens humans as such. But it could be a threat to the life of your business, and it was created to make sure that you look after sensitive customer data in a proper and reliable way.
Since 1995 the Data Protection Directive has regulated the way businesses go about managing confidential customer data, but even the most visionary lawmakers could not have imagined the world of 2016 and the amount of information that would be floating about in cyberspace.
The General Data Protection Regulation, or GDPR amongst friends, is designed to give citizens back control over where and how information about them is stored. In plain English that means you need to firm up on how you manage and protect customer information, or else… GDPR hits perpetrators hard if they don’t live up to its terms. Actual penalties are a real possibility, and you could be liable to the tune of 5% of your global turnover if you are in breach.
Here is a very specific example of what a fully enforced GDPR could mean to a business:
In 2015 TalkTalk was hit by a cyber attack, and the attackers accessed the personal data of 156,959 customers, including their names, addresses, email addresses, dates of birth, and phone numbers. In approximately 15,000 cases, the attacker also gained access to bank details. TalkTalk was fined a record £400,000. Now, that is quite a hefty penalty, but had the GDPR been in force back then, the fine could have been £89,750,000, which equates to 5% of the TalkTalk turnover. However, the friendly lawmakers decided to cap the fine at £20,000,000, so TalkTalk would have been fined that amount instead. Still fifty times more than now, and surely enough to make heads roll.
The bad news is that GDPR was ratified earlier this year and immediately became law. The good news is that GDPR will not be enforced until 24th of May 2018, which means that you have just under 18 months to comply and get your house in order. We have put together an abstract to save you from reading the original 200-something pages that make up the GDPR, and you can view it by clicking here.