In this, the third and final part of this series on GDPR, we’re going to concentrate on what you can do now to ensure that when next May comes, you, your data strategy, and your business are protected and compliant with the new regulations.
GDPR is your chance to take a good look at what you are doing now, and to change it to not only meet the regulations but to protect and build your capabilities and connectivity.
At the core of GDPR is Privacy by Design, meaning that your cyber security is an absolute top priority. Over two thirds of UK firms were targeted by hackers in the last 12 months and, according to the IOD, over half of UK businesses are unprepared. So now is the time to rethink your approach and review what you are doing and who your best partners are.
KubeNet are a leading ISP and specialists in business connectivity, cloud and network security solutions in the UK and globally. Our team is trained and developed to be at the forefront of security best practice, and our own cloud-based connectivity and security products are designed to provide world-class business solutions. Just what you need right now.
GDPR has a number of requirements, which include:
- A requirement for consent – businesses will need to ensure that all customers know that the business has their data and that they consent to the business having that data.
- Businesses will have three days to report data breaches to both the authorities and customers.
- The Right to be Forgotten – customers will have the right to ask businesses to delete all of their data, and to prove that they have.
- Data portability – the aim being to create an environment where businesses can easily swap their data between different providers, whilst ensuring the data is erased from the old provider’s systems.
- Hefty fines for data breaches will be introduced – up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater.
GDPR & its Consequences
The ICO is responsible for imposing fines in the UK, and the current limit is £500,000, under the 1998 Data Protection Act. Once GDPR is officially introduced, fines could soar up to 4% of a company’s total annual profit, or a terrifying 18 million pounds.
The requirement to inform the relevant parties of a breach within 72 hours means adequate and timely threat detection is necessary for compliance. Breaches are often not discovered until weeks or months later, so the strict GDPR guidelines will likely cause problems. Furthermore, the challenge is not only establishing that a breach has happened, but also understanding who in your data sets was affected and how severe the impact is.
Will you be ready?
Complying with GDPR is not simple. It will require detailed planning and collaboration with all the businesses in your chain, as well as a pragmatic, solutions-based approach to breach detection. The age of hoping that breaches don’t happen is behind us; to comply, you need to ensure your security measures are up to scratch or face the consequences of non-compliance.
How to Protect Against a Breach?
One of the biggest issues seen in the security industry over the years is organisations’ inability to detect threats early, or to detect them at all, before a third party does. It is here that Security-as-a-Service providers can help, with huge pools of data to draw experience and intelligence from, and designated threat detection and analyst teams working to assess potential incidents. Knowledge and expertise, coupled with powerful technology and innovations in detecting threats, help to stop attackers before they get a foothold. Also important are the ability to gain immediate knowledge of attacks in the event of a breach, and readiness to assist in an incident response plan and to provide evidence to support audit and compliance.
How many businesses have their own ‘threat intelligence’ team that understands the anatomy of attacks, and can thus configure and tune the security infrastructure to detect these threats? The reality is that very few have this capability in-house.
Increasingly, therefore, many organisations work with Managed Security Service Providers (MSSPs) to take this ‘burden’ away from them: investment in external service providers that have a strong pedigree in threat intelligence, security research and vulnerability management ensures they can remain one step ahead of even the most advanced threats.
Get in touch with us here at KubeNet to arrange a consultation and an assessment of your current network, particularly your security provisions. Email us on firstname.lastname@example.org or call 0344 873 4488.
We Listen. We Understand. We Deliver.