Cyber Security, GDPR and Brexit
The General Data Protection Regulation (GDPR) is the EU’s attempt to bring data protection legislation up to date with new or previously unforeseen ways that data could be used now.
The Data Protection Act 1998 will be replaced by this new regulation, which looks to introduce a single set of data protection rules throughout the EU, together with tougher fines for those who breach or fail to comply.
The EU hopes to clarify what businesses can and can’t do with data throughout the EU whilst giving people more control over what companies with access to their data can do with it. Since the 1995 EU Data Protection Directive the internet and cloud technology have changed the way that data is used or can be exploited.
The UK will be leaving the European Union within the next two years, having triggered Article 50 on 29 March. However, the UK is almost certain still to be part of the EU when the Regulation starts to apply on 25 May 2018, so British organisations will need to comply with the GDPR. In addition, organisations that hold data about European citizens will need to be compliant even after the UK leaves the EU.
Noncompliance penalties are high, up to 20 million Euros or 4 percent of an organisation’s annual turnover. This is worrying when it becomes clear that not all businesses and organisations in Britain are finding the introduction of the GDPR and what it means for them clear at all.
Research shows that nearly half of small and medium-sized businesses that will need to comply are uncertain whether or not they will need to remain compliant with GDPR following Brexit, while 6% of businesses believe that they will not have to remain compliant following Brexit.
Another report states that cyber security is taking precedence over Brexit as the most important concern in boardrooms across America and Europe. According to the report, more than half of businesses in America or Europe have experienced some form of cyber attack in the last 12 months. This ties in to the lessons from the WannaCry cyber attack last month that cyber attacks can happen to anyone, regardless of size or budget.
Many organisations are in need of training and education on cyber security so that they can be prepared in the event of a cyber attack. The reaction to GDPR shows that many organisations are struggling to keep up with the ever-changing cyber security landscape.
How DCI Cyber Essentials can help
The first step to keeping your organisation safe from cyber attack is to be certified with DCI Cyber Essentials. Certification to the Government’s Cyber Essentials Scheme is a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks.