The UK government has announced that businesses that do not have adequate systems in place to protect against cybercrime will be subject to fines of up to £17 million. The measure is being introduced in an attempt to safeguard services and utilities deemed essential to the British public, and will most likely target energy, health, transport and water companies.
The announcement can be interpreted as a reaction to the WannaCry ransomware attack which affected the NHS last year. Although at the time the government’s Digital Minister Matt Hancock indicated the fines would only be a last resort, a consultation in the interim has concluded that they could well now be necessary. Businesses will have until the 10th May 2018 to comply, with the new General Data Protection Regulation (GDPR) law coming into effect on May 25th.
What is the GDPR?
For those unaware, the GDPR is a new set of regulations which will replace existing legislation on the obligations a company has regarding data protection. It is being introduced by the EU and affects all companies within the Union, as well as data being transferred out of it. Its main objective is to put control of personal data back into the hands of private citizens, but business owners will need to take some action to achieve compliance.
Although the GDPR is similar to the pre-existing Data Protection Act (DPA), notable areas where a business may need to take action include:
- How you seek consent for obtaining an individual’s personal information
- How you subsequently record and manage that information
- How you advertise an individual’s rights when seeking consent
- How you respond to requests from the individual regarding their rights
- How you store data pertaining to children and whether you need to seek parental authorisation prior to storing it
- How you protect against potential data breaches
- How you delegate responsibility for compliance with the GDPR and whether it will be necessary to hire an external advisor
- How you manage authority in international businesses
Not all of these areas will affect all businesses, but it’s a good idea to familiarise yourself with the impending legislation as soon as possible and effect any policy changes that you need to. At Pink Chalk, we can help you prepare for the upcoming handover to the new regulations and will be happy to answer any queries you may have.