12 Steps to Prepare for the GDPR
24th October 2017
Share this article
Shropshire businesses must take cyber risks more seriously in the run-up to new data protection rules coming into force.
That’s the warning from Dave Williams, who said the introduction of the new General Data Protection Regulation (GDPR) was now just months away.
“The GDPR will come into effect on May 25, 2018, and it places much greater responsibility on businesses that process personal data.
“For many companies, the imminent introduction of the new legislation has brought cyber risks to the top of their corporate agenda, but for others, they may not even be aware that the rules are on their way.”
Mr Williams said directors and officers would shoulder more liability than ever before, and some industry experts believed that they may soon be held personally liable for cyber-breaches or neglecting to prioritise cyber risk management.
“In fact, directors and officers who ignore their responsibilities could face legal action after a data breach – there have already been four cases brought against directors in the USA for cyber-attacks.
“So it’s vital that businesses start now to review their position and their attitude to cyber-crime, making it a priority across the company to ensure their systems are secure. And make sure everyone in your organisation is aware of the need to protect the data you hold – from the board members right through to the junior members of the team.
“You’ll need to set aside realistic amounts of cash to strengthen your cyber-security defences too, and it’s more important than ever to have the right insurance in place as companies are now storing a huge amount of electronic information.
“You should also review your organisation’s processes for collecting clients’ consent as whatever your process may be, it must provide an active opt-in where they individually agree to you holding their details.
“Keep well-organised records that clearly outline what individual clients have consented to, what they were told, and when and how they consented.
“Some UK companies, like Wetherspoons, are already scrapping their entire email mailing lists for fear that they will violate the GDPR, so it’s clear that businesses need to take the new rules seriously and start preparations now.”
