
Getting Data Protection Right


Size doesn't matter

I don't know if you've heard, but the laws surrounding Data Protection are changing. On May 25th 2018, the new 'General Data Protection Regulations' (GDPR) come into force, affecting every business that processes or controls data on behalf of UK Citizens.

Let me say that again, 'affecting every business that processes or controls data on behalf of UK Citizens'. This is an incredibly important point that organisations large and small are missing.

Irrespective of where you are located in the world, or how big your organisation/business is, if you process data of UK Citizens then you must ensure you comply with the GDPR.

What should you do

As a Cyber Security Specialist, I find myself talking about the new regulations frequently, and the response generally fluctuates between distinct ignorance and a terrifying lack of interest. Personally, I find the former surprising and the latter infuriating.

With so many security professionals talking about 'cyber attacks' and the lack of good data security, even the most casual of glances in this direction will give you a glimpse of the GDPR.

So what needs to be done?

Well, if you're in the 'ignorant' group, there is hope. There is a lot of advice and guidance on the web, with lots of free resources and webinars to help you. Simply 'Google' the term “GDPR” and you will find a wealth of articles and 'How To' guides. All of them are offering advice on what you should be doing, and how you should be interpreting various important parts of the Regulations.

The Regulations themselves can be found by clicking here, so it's worth taking a look. Once you have read the Regulations, it's time to discuss how this will affect your business with those around you (if you're a sole-trader, then it's time to look closely at your business). The first step is to understand WHAT data you hold and categorise it: Employee data? Customer data? Financial data? Corporate data? Now... Where and how is it stored? Start here and you'll quickly build up a picture of what you are holding and how to protect it. This isn't the end of the story, it's just the beginning, but it gets you started.

Lack of interest

If you are in the 'lack of interest' group, then the advice is similar, but far easier to apply: read the Regulations, and stop being ignorant (arrogant?) about your obligations to protect the data you hold.

On May 25th 2018, the new regulations come into force. They affect you, your employees, your customers, your clients and your suppliers. Ignorance is no excuse. Arrogance is unforgivable.

Written by Gary Hibberd, Managing Director of Agenci.

Agenci provide Cyber Security consultancy services and assistance on GDPR compliance.

About the Author:


Gary Hibberd was appointed as Managing Director of Agenci back in 2012. Gary’s passion for all things cyber was sparked in 1985 when he began as a programmer. As a result of that passion, Gary went on to become a renowned expert on ISO 27001 and GDPR. Today, Gary is a passionate practitioner and regular speaker on cyber security.

Gary speaks across the globe to both large and small businesses as well as private and public organisations. He loves to engage the next generation of cyber experts, speaking in schools, colleges and universities. As part of his busy life, Gary has authored books on cyber security and business continuity as well as contributing to government initiatives on cyber security and counter terrorism. If that wasn’t enough, in his personal life Gary is an avid obstacle race participant and fitness fanatic. Gary can count the World's Longest Obstacle race amongst his many personal achievements.
