Modern technology brings many benefits to today’s business world, but such advances also increase the threat of a security breach.
Along with its benefits, technology brings many threats. As companies gather more and more information about their customers, the potential harm to those individuals grows should a company suffer a security breach. Improperly exposed, this information could cause serious embarrassment to the people affected; should it fall into the hands of cyber criminals, it could have a severe financial impact on them.
The European Union’s Data Protection Directive is concerned with any information that, either by itself or combined with other pieces of information, could identify a living person. This includes items such as email addresses, passport numbers, driver’s licence numbers and financial details, as well as more sensitive categories such as trade union membership, medical history, and information relating to a person’s sex life, religious beliefs or political opinions.
On December 15, 2015, the EU agreed to replace the existing EU Data Protection Directive with the EU General Data Protection Regulation (EU GDPR).
The EU GDPR imposes new obligations on companies and will apply from May 2018. Among the new rules: many organisations will be obliged to appoint a Data Protection Officer; companies that suffer a security breach will be obliged to notify the “supervisory authority” without undue delay and, where feasible, within 72 hours of becoming aware of it; and companies shown to have failed in their obligations around a security breach will face fines, to name but a few.
These new rules will have implications for how businesses handle and secure the personal data entrusted to them by their customers and staff. Although the EU GDPR will not apply until May 2018, preparing properly for it will also take time.
The checklists that we have compiled (see above and below) will help you gain better assurance about how well prepared your company is for these new regulations. An incomplete or negative response to any of the following items indicates an area of risk that needs to be addressed.