Just over one year ago, GDPR (General Data Protection Regulation) came into effect. Since it was introduced, the ICO (Information Commissioner's Office) has recorded a significant rise in data protection complaints. This proves how seriously people take their personal data, along with any abuse of it. However, how seriously have businesses taken GDPR and the protection of their data, along with the ways they use it?
The scary lead up to GDPR
In the run-up to GDPR there was a significant amount of confusion and scaremongering. As such, many businesses spent hundreds, even thousands, of pounds preparing to be GDPR compliant. In fact, almost £1 billion was spent in the process. However, there were also those that simply did nothing. According to an independent study conducted by USBMakers.com, only 42.5% of respondents audited their data processes in the run-up to GDPR. Further to this, only 16.8% appointed a data protection officer, even though it is mandatory under GDPR.
So, that leads us to ask whether businesses have taken GDPR seriously enough, or if the advice for becoming GDPR ready was not clear enough.
The cost of non-compliance
Businesses found to be non-compliant with the new GDPR can be fined up to 4% of annual global turnover or €20 million – whichever is greater. That’s a scary amount! And surely that’s reason enough to review data management processes.
Data is a business’s most valuable asset; it’s vital for its growth and success. Businesses hold various data sets, including customer and prospect information, financial data, marketing insights and much more. As such, it is vital that data management and security measures are in place to protect that data. Not only could a data breach cost a business huge amounts in fines, it could also damage the business’s reputation and lead to a loss of clients.
Is data security a concern?
In the study conducted by USB Makers, 65% of people said they were worried about their personal or financial data being hacked, yet 78% said they were not worried about there being a data breach within their business.
Much more needs to be done with regard to the communication and education surrounding data protection and the risks to data. People are the greatest risk to data, through incorrect data input, data misuse, and a lack of understanding of cyber security risks. With this in mind, it’s more important than ever to ensure staff have a greater understanding of the rules and regulations of GDPR, along with the associated risks to data, to ensure its security. In the same study, 30.2% of people did not know whether they’d been hacked and are therefore open to potential risks. Most people do not see data security as a risk, because the risks are simply unknown.
Data security as a strategy
The number of complaints will only continue to rise, along with the number of fines issued to businesses that are non-compliant. As such, all businesses should review their data management processes and ensure all staff have the relevant knowledge to protect data correctly. Every business should appoint a DPO and review its compliance and security regularly.