GDPR – Why it’s time for your organisation to take cyber security seriously
GDPR (General Data Protection Regulation) has been in place since 25 May 2018. It replaced the European Union Data Protection Directive and must be followed by all EU member states – including the United Kingdom.
The regulation has forced many organisations to take cyber security seriously. Learn more below.
What is GDPR?
The new regulation aims to protect personal data, give individuals control over how companies use information relating to them, and make sure organisations process, store and destroy the data they hold in a secure and safe way.
Organisations that fail to comply with GDPR’s rules could face fines of up to 4% of their annual turnover or 20 million euros, whichever is greater. Currently, the maximum fine for a data breach is £500,000.
Is your business using the data you are storing?
Whether you are using the data or not, it is important that you document the data you are storing and the reasons for storing it.
Have you got rid of any historical data your business no longer needs?
It is good practice for your business to delete any historical data that it no longer needs. Think about it this way: the less data your business has access to, the less it has to control and look after.
Are you familiar with GDPR?
The sooner you familiarise yourself with GDPR, the better. GDPR should be part of your day-to-day work. From now on, every time you deal with data, you must consider whether your business is actually allowed to use the data it is holding.
Are your employees informed?
External communication is vital; however, internal communication is just as important. Make sure that your employees are aware of the changes your organisation has made surrounding GDPR. Remember that not everyone is going to be aware of GDPR, so make sure that appropriate training is in place for those who need it.
Do you have the appropriate policies in place?
Your business should have put distinct policies in place before 25 May 2018. It is important that these policies have been added to your company’s website and that your customers have been made aware of them.
Is the data you keep safe?
It is important that the data your business has access to is safe. Certification such as Cyber Essentials will help your organisation fight off 80% of all cyber attacks. Having Cyber Essentials certification will show that you have taken steps towards protecting your organisation and its data from cyber attacks.
How do I get Cyber Essentials?
To protect your business and your customers’ data, your organisation will require more than just Cyber Essentials; however, it is the first step towards cyber protection.
Recommended by the UK Government, Cyber Essentials certification is designed to provide a statement of the basic controls your organisation should have in place to mitigate the risk from common cyber threats.
Get certified with Cyber Essentials Online.