Is anyone ready to meet GDPR compliance yet?
There are just six months to go until one of the biggest ever pieces of industry-wide business regulation comes into force. It’s called EU GDPR (the EU’s General Data Protection Regulation) and if you didn’t know that already then, according to the latest Q4 2017 research, you are not alone.
In some industries, large swathes of firms and senior decision makers remain either unaware of GDPR and its penalties for non-compliance (up to 4% of global turnover or 20m Euro, whichever is higher) or unprepared to change data management processes and procedures in time. Research by law firm Collyer Bristow puts the real estate and construction sector bottom of the league table, with more than one-in-three of its firms having no awareness at all of the new regulation and its ramifications. Compare that to the financial services space where the figure is just one-in-seven. This apparently carefree approach in some quarters is partly explained by the 7% of respondents who (incorrectly) feel confident GDPR will never affect them anyway, due to Brexit.
Even professional services businesses are struggling to get their heads around GDPR, both to protect their own interests and to advise clients.
Marketing trade body, the DMA Group, found that 40% of marketers don’t believe their own businesses are sufficiently prepared for GDPR – a worrying number given the crucial importance of customer and prospect data in sales and marketing activity.
Accountancy firms and professionals appear similarly stymied when it comes to interpreting and articulating the needs around GDPR, with just 14% of respondents to a Wolters Kluwer survey classifying themselves as ‘knowledgeable’, 22% with a decent working understanding and a massive 64% possessing only the most rudimentary grasp. Accountancy is particularly pertinent to GDPR as, when the most punitive fines strike businesses in any sector, the impact will be so severe that few have the necessary cash reserves to pay up. According to the Collyer Bristow study, as many as 18% could be declared insolvent in such circumstances.
The one consolation in this rather depressing picture is that, rather than lagging behind their erstwhile European neighbours in the GDPR stakes, UK businesses are actually out in front. Cybersecurity specialists Kaspersky Lab polled more than 2,000 IT decision makers across the continent and found UK awareness top of the heap, closely followed by Germany, France and Italy. In Belgium, where GDPR was written and enshrined into EU law, 32% of respondents admitted to knowing nothing about GDPR other than having heard the name before. 14% hadn’t even heard that!
So what does GDPR readiness look like?
Needless to say, GDPR is a detailed and all-encompassing set of requirements that radically evolves the previous set of data protection regulations from over 20 years ago. And while many of the finer points of it are untested and frustratingly vague, the ability to comply with GDPR rules is clearly aligned with the development and execution of robust IT governance.
Key IT governance areas impacted by GDPR include:
- Security: such as safeguarding against data breaches and reporting any data breaches to the relevant parties within 72 hours
- Storage and backup: such as maintaining clear audit trails as to processing activities that relate to data management, and ensuring that relevant data is held or deleted in accordance with each individual’s wishes
- Private/hybrid cloud: such as understanding the location of applications and data for processing purposes and establishing control mechanisms for data transfer
Underpinning all of this (and more) is the business requirement to maintain availability and uptime of data-driven services and business processes so that compliance can be achieved and transparently demonstrated at all times. Key to this is the use of reliable, high-speed connectivity – combined with secure cloud backup and storage – at all levels of the network.
Luminet offers a comprehensive range of connectivity and computing solutions, certified to ISO 27001 for information security management. We work with customers in all sectors to support the GDPR compliance process through bespoke solutions that facilitate always-on connections and cloud-based data management to the highest possible standards.