COMMENT: A fresh perspective on GDPR
Written by Deborah Ritchie
New statistics show businesses across the UK are being targeted by cyber criminals every day, and the scale and size of the threat are growing. The government’s latest study of cyber preparedness among UK companies suggests that nearly seven in ten large businesses identified a breach or attack in the past year, and puts the average cost to large businesses of all breaches over the period at £20,000, and in some cases millions. The Cyber Security Breaches Survey 2017 also shows businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51% compared with 37%) – figures that may serve to crystallise thoughts and preparatory work for the new EU General Data Protection Regulation.
With the deadline for implementation just one year away, reports suggest that a very good number of businesses – a poll of polls conducted at CIR Towers suggests about half – will not be ready in time for GDPR. But while half may not be ready for the new EU regulation, there are reports that suggest other businesses may even have over-prepared following guidance released by the ICO and others, which may have caused more concern than assistance – particularly among marketers. According to research from the Direct Marketing Association, marketers worry that the interpretation of GDPR laws will be overly strict. Just over half (54%) of businesses polled by the DMA say they are on course or ahead of their plans to be ready for GDPR by May 2018, down from 68% in February, with a further quarter of companies (24%) yet to even start a GDPR plan. CEO of the DMA Group, Chris Combemale, says that despite high levels of awareness, the number of businesses that believe they will be ready in time has dropped to just over half. “Recent announcements and guidance from the ICO have caused much concern, that the interpretation of the laws is overly strict, penalising the companies most committed to best practice, honesty and transparency,” he insists. “What the industry needs is balanced and fair guidance from the ICO and Article 28 Working Party. With just 12 months to prepare we need this guidance urgently...”
Looking at it from another perspective may help get things moving. Instead of allowing the prospect of GDPR to loom over the company as an obligation, try to view it as a positive opportunity to maximise the value of data and streamline processes. As Sungard Availability Services’s Rogelio Aguilar points out: “Businesses should approach the next year, until the GDPR deadline, as a great opportunity to drive increased value. The GDPR is designed to better facilitate business across the largest digital market – whether that’s keeping the door open for organisations to do business with the 440 million people within the EU to maximising the value of data whilst also protecting it. A correct GDPR implementation will help businesses manage data privacy risk, implement good record management practices, streamline business processes, increase resilience as well as benefit from cost savings and ultimately a more competitive market position. To take advantage of these opportunities and mitigate risk, senior management must champion GDPR as a strategic initiative.”
Further reading on GDPR (Source: Information Commissioner's Office)
The following highlights the key themes of the General Data Protection Regulation (GDPR) to help organisations understand the new legal framework in the EU.