You’ve read the warnings on Twitter, you’ve listened to the headlines, and you might even have Googled it for good measure, but when it comes to GDPR are you really ready? As with all areas of IT – and business in general – failure to prepare could set you a long way back, so what are you waiting for?
The EU’s poster child for data protection, GDPR, is coming into force in Spring 2018 and the business world is waiting with bated breath to see what happens next. Already, marketers are scrambling to build new email lists and the likes of Google and MailChimp are reaching out to customers to offer updated GDPR-compliant services.
But for businesses in general, there seems to be a vague sense of ‘ignorance is bliss’ – especially for those without the internal resources to handle compliance in-house. Unfortunately, this is one aspect of IT you definitely shouldn’t be ignoring, and here’s why.
GDPR is Coming
Forget the pressures of the festive season: GDPR has been a much greater source of stress for business owners, as we approach the end of the year and the reality of the situation finally starts to dawn on many. From May 2018, new rules will come into effect, dictating how companies acquire and store personal data, as well as further influencing a variety of other processes.
But it’s not just the rules that are changing – it’s the punishment for non-compliance too. Under the soon-to-be obsolete DPA (Data Protection Act), the ICO could only issue a maximum fine of £500,000. In comparison, GDPR guidelines will see firms fined up to €20 million or 4% of group worldwide turnover (whichever is greater).
To put this into context, fines under GDPR will be up to 79 times the amount under the DPA. TalkTalk’s 2016 breach, for example, cost the telecoms giant £400,000. Under GDPR, the actual amount would be closer to £59 million. Quite a jump, isn’t it?
It Could Happen to You
At this stage, there’s still plenty you can do as a business to ensure you’re compliant in time. One of the worst things you can do, however, is to bury your head in the sand until the last minute – that’ll just make things much worse!
It’s also important to note that GDPR definitely applies to your business, no matter who you are or what size your business is. And before you say it, no, Brexit doesn’t mean the UK gets to dodge the new rule change. Every business across all EU states is in the same boat here, with smaller businesses especially feeling the pressure without the resources.
Thankfully, becoming compliant is as easy as doing your homework, engaging with an expert, and taking it one step at a time, rather than letting yourself be overwhelmed by the associated to-do list.
Preparation is Everything
CNi Solutions are always keen to help businesses to prepare for the worst. In our everyday experience, this usually comes down to creating and implementing disaster recovery plans to help clients bounce back even when the worst happens and it seems like the end of the world.
Although not identical, preparing for GDPR and creating a disaster recovery plan are still startlingly similar, which is why we’re applying our expertise and know-how to help businesses up and down the country to prepare for GDPR.
Through events and individual sessions, we’ve been consulting professionals and organisations alike to ensure that when GDPR does land, they’re well-prepared for it, with no nasty surprises in 2018.
Fail to Prepare, Prepare to Fail
No matter how much or how little personal data you collect, it’s absolutely essential that you take the necessary steps to prepare your business for GDPR, or else face hefty fines for non-compliance. Although this can seem like a daunting prospect – especially for those not in IT or data-heavy industries – the best way to prepare is one step at a time.
Just be sure to handle your GDPR obligations sooner rather than later to protect your business and its customers – and if you need any help, CNi Solutions are on hand to guide you every step of the way.
Starting to worry about GDPR? Give us a call and let’s discuss what’s left to do. Alternatively, keep up to date with our upcoming GDPR workshops over on our website. Trust us: once you’ve taken this first step, you’ll see that there was nothing to worry about all along!