GDPR: Is Your Small Business Ready For New Rules And Regulations?
With just over eight months until the EU General Data Protection Regulation (GDPR) is introduced, businesses need to ensure they are compliant, or risk facing significant fines.
Why the change?
The new rules are being introduced to create a uniform set of data protection rules for all EU member states, and all organisations trading in the EU. Despite the UK’s decision to leave the EU, the government has confirmed this will not affect the introduction of the GDPR, and all businesses must be compliant. Cyber insurance provider Cyberguru can advise you on these changes and how they will impact your business.
What are the consequences?
By the 25th May 2018, all businesses need to ensure they are abiding by the new rules, especially if the organisation uses prospect data as part of its sales pipeline.
If your business fails to meet the new regulations and does not provide adequate cyber protection to customers, you could receive detrimental fines of up to:
1) €10 million or 2% of annual turnover – whichever is higher – for not properly storing customer records, not notifying the supervising authority about a data breach, or for not conducting impact assessments.
2) €20 million or 4% of annual turnover – whichever is higher – for violating basic data security principles or violating consumer consent.
To assess how prepared your business is for the GDPR, you can complete this five-step assessment from the Information Commissioner's Office.