The GDPR and security – why your business might still be at risk
The General Data Protection Regulation (GDPR) came into force in 2018, and many businesses took the necessary steps to become compliant. In some cases, these steps were painful and expensive, but they were necessary in order to bring the organisation in line with the rules.
However, some companies may not have taken the GDPR seriously. They remain exposed on two fronts: to cyber criminals and hackers, and to enforcement action under the regulation itself. Here we look at why your business might still be at risk.
Risk #1 – You assume compliance is a one-off achievement
One of the major misconceptions about the GDPR is that compliance is a box that can be ticked once, after which the company can stop thinking about it. This is incorrect, and it can end up with your business drifting into non-compliance without you realising it has happened.
Compliance is an ongoing process: companies are expected to keep managing their systems and to move with the times. This helps to ensure that the individuals whose data a company holds do not have their information put at risk by new techniques and tactics used by criminals.
Risk #2 – You haven’t invested in cyber security
To comply with the GDPR you need to invest properly in cyber security. The GDPR was put in place primarily to protect individuals whose data is held by organisations, and it requires appropriate technical and organisational security measures. Regulators can fine organisations that fail to protect personal data adequately and then suffer a breach that exposes it.
That means you need strong cyber security measures in place. These need to stretch well beyond standard firewalls and anti-virus software (although both are still important). Companies should be investing in proactive measures such as penetration testing and managed detection and response (MDR).
Risk #3 – You haven’t invested in physical security
It is important to stress that many businesses put a lot of time and money into their cyber security, but then fatally undermine it by not also investing in physical protection. Remember that the GDPR expects companies to prevent any kind of data loss, and that loss is not limited to breaches of online and IT infrastructure: an unattended server room, an unlocked filing cabinet or a stolen laptop is a personal data breach just as much as a compromised database.
Ultimately, criminals are looking for the easiest way to steal data, and if you have not protected your premises with physical security measures you can be at risk. Leading British security services and concrete barrier provider Maltaward recommend everything from using concrete barriers to restrict vehicle access, to implementing CCTV cameras and security doors. See more in their blog post on how to keep a property secure.
Risk #4 – You’re misinformed about Brexit
Some businesses are still misinformed about Brexit and how the UK leaving the EU could alter the rules surrounding the GDPR. If, for example, you are assuming that the UK leaving the EU means your business no longer needs to comply with the regulation, you are misinformed.
In fact the UK has enacted the Data Protection Act 2018, which writes the GDPR's requirements into domestic law and supplements them, and the regulation's rules are retained in UK law regardless of EU membership. Under the Act, British businesses must meet the same standard of compliance as laid down by the GDPR.
Risk #5 – You assume no-one will really face the heavy fines
Surely it's all just a threat, and no company is really going to be fined for losing customer data, right? If this is your way of thinking then you are putting your business at serious risk. Failing to comply with the regulation can see companies fined up to €20 million or 4 per cent of global annual turnover, whichever is greater.
Clearly fines of this size can be a real danger to a business. Don't assume that just because these numbers look like empty threats, the ICO isn't prepared to fine you for failing to comply.
Risk #6 – Your GDPR knowledge is still lacking
Ultimately, the greatest risk surrounding the GDPR is not educating yourself. If you still haven't taken steps to protect your business and comply with the rules, your business can be at serious risk. It is a wise move to work with GDPR specialists to establish the steps your company needs to take to become, and remain, compliant.