From 25th May next year all UK businesses – big or small – will need to comply with strict new regulations around how they collect, store and use personal information as the European General Data Protection Regulation (GDPR) replaces the current data protection directive.
However, despite the GDPR’s two-year transition period, which began in May 2016, A&O IT One Solution is concerned that many SMEs remain unaware of what changes they must legally put in place over the coming months if they are to avoid breaching the new data protection obligations.
The UK’s Information Commissioner has historically taken the approach that it wants to help Data Holders comply with the rules, but GDPR brings about a change in enforcement culture, and ignorance or a lack of resources will no longer be considered an acceptable excuse.
With violations set to be met with heavy fines of up to 4 per cent of a company’s worldwide turnover and the changes coming in despite the UK’s decision to leave the EU, non-compliance could risk putting offending SMEs out of business.
To support SMEs, A&O IT One Solution have prepared a free guide designed to help ‘get you GDPR ready’; please email gdpr@aoitgroup.com for a copy.
Rod Moore, chairman of A&O IT Group, commented: “The implications of the new GDPR are massive for all organisations. Whilst some small business owners wrongly assume the new laws won’t apply to them, what’s even more worrying is how many remain totally unaware of the new regulations and how they will impact their day-to-day business.
“All business owners need to wake up to the fact that the new GDPR directive is a complete legal overhaul that will affect anyone who deals with personal data, whether they’re a one-man band or have multiple offices. If you hold personally identifiable information (PII) data on staff, contractors or customers you are legally obliged to ensure that its use is limited to activity expressly approved by the subject.
“Seeking IT advice at an early stage will not only avoid potentially business-devastating penalties but also improve customer relationships at a time when trust becomes the most valuable company asset of all.”
A&O IT One Solution clients can tap into the team’s specialists to better understand where they’re holding personal data, who can access it and which processes they must put in place to ensure their business is fully compliant. For some, this might involve introducing new systems to protect this information to the required level as well as updating privacy policies or even bringing on board a data protection officer.
For others, the focus will be on introducing clear plans on how they will report data breaches within the GDPR’s required 72-hour limit and correctly handle any Subject Access Requests and ‘right to be forgotten’ applications.
Moore added: “As cybercrime becomes more sophisticated and SMEs are perceived as easier targets, the GDPR is a timely opportunity for companies to ensure they put the right processes and security systems in place to future-proof their business.”
“As cybercrime advances and develops year on year, companies must be properly prepared to deal with phishing attacks, Ransomware, Trojans, malware etc. All companies must ensure that their IT systems are fully secured against attacks. Does your business ensure that all persons with data access are issued with written guidance on internet policy and data usage? Is your software regularly updated? Is your anti-virus software up to date and regularly utilised? Have you undertaken a threat analysis and kept it updated? If not, you are probably exposed.”
(Source: A&O IT)