Size doesn't matter
I don't know if you've heard, but the laws surrounding Data Protection are changing. On May 25th 2018, the new 'General Data Protection Regulations' (GDPR) come into force, affecting every business that processes or controls data on behalf of UK Citizens.
Let me say that again, 'affecting every business that processes or controls data on behalf of UK Citizens'. This is an incredibly important point that organisations large and small are missing.
Irrespective of where you are located in the world, or how big your organisation/business is, if you process data of UK Citizens then you must ensure you comply with the GDPR.
What should you do
As a Cyber Security Specialist, I find myself talking about the new regulations frequently, and the response generally fluctuates between distinct ignorance and a terrifying lack of interest. Personally, I find the former surprising and the latter infuriating.
With so many security professionals talking about 'cyber attacks' and the lack of good data security, even the most casual of glances in this direction will give you a glimpse of the GDPR.
So what needs to be done?
Well, if you're in the 'ignorant' group, there is hope. There is a lot of advice and guidance on the web, with lots of free resources and webinars to help you. Simply 'Google' the term “GDPR” and you will find a wealth of articles and 'How To' guides. All of them are offering advice on what you should be doing, and how you should be interpreting various important parts of the Regulations.
The Regulations themselves can be found by clicking here, so it's worth taking a look. Once you have read the Regulations, it's time to discuss how this will affect your business with those around you (if you're a sole-trader, then it's time to look closely at your business). The first step is to understand WHAT data you hold and categorise it: Employee data? Customer data? Financial data? Corporate data? Now... where and how is it stored? Start here and you'll quickly build up a picture of what you are holding and how to protect it. This isn't the end of the story, it's just the beginning, but it gets you started.
Lack of interest
If you are in the 'lack of interest' group, then the advice is similar, but far easier to apply: read the Regulations, and stop being ignorant (arrogant?) about your obligations to protect the data you hold.
On May 25th 2018, the new regulations come into force. They affect you, your employees, your customers, your clients and your suppliers. Ignorance is no excuse. Arrogance is unforgivable.
Written by Gary Hibberd, Managing Director of Agenci.
Agenci provide Cyber Security consultancy services and assistance on GDPR compliance.