New regulations that are proposed across the 28 EU countries mean that organisations must be extra vigilant when it comes to data security. The concerning thing is that many companies are not even aware that they are losing data, let alone what type of data is being lost, so these fines could come as a surprise to them; they will nonetheless still be held responsible.
There is no better time than now to start implementing data security precautions.
What exactly is the new regulation?
The new EU regulation means there will be tighter restrictions in terms of data. It will provide the Information Commissioner’s Office (ICO) with more power when advising companies to take action on data protection. It is positive in that there will be one set of rules about data protection in all countries in the EU, making the process fairer and more consistent. For example, it will supersede the UK’s current Data Protection Act, whose maximum penalty of just £500,000 is hardly a deterrent.
The new regulations demand that a company should notify the ICO of any data breach within 72 hours of becoming aware of it. If a company fails to comply with these demands and is found to be negligent with regard to its data security, it could face fines of up to 5% of its global turnover or €100,000,000. However, it is not just the financial penalties that are discouraging; companies will also face a ruined reputation, thanks to the public exposure of such a wrongdoing across the EU.
It is important for companies to understand, however, that these new regulations haven’t been set out as a way of making money. They are more a way of encouraging businesses to be more careful and become better at looking after their data. In fact, the new legislation can help them to be better companies and to ensure any data that they store is kept safe.
How can your business comply?
The first step in ensuring that your business is complying with the new EU regulations is to identify any potential risks and flaws in your current data security policy. In order to do this, you must have a clear view of the different types of data your company processes; you can then build a data life-cycle and identify what security steps you have in place at different points in the cycle. This will allow you to conduct data risk assessments. Regular testing of data security controls must be carried out to ensure they are still effective.
If your business is still not completely up to date with its data security strategies, you need not worry. It is unlikely that the regulation will be officially put into place before 2017, but it is still advisable that you take steps now in order to make sure that it functions properly before the deadline.
If you have any questions or concerns about implications of the new regulations on your business give us a call on 0845 6004696.