Member Article

Encrpytion experts warn businesses of new privacy law

The EU Parliament has seen a lot of to-ing and fro-ing of the issue over the years, but they’ve finally set a date for implementing a strict zero-tolerance policy towards privacy and data protection.

The General Data Protection Regulation (GDPR) is set to become fully effective on 25th March 2018, after which date any organisations that fail to comply with the GDPR will be charged with a fine of £17.2m (€20m) or 4% of their annual turnover – whichever is higher.

Leigh Cowell of Kingston Memory Shop, Preston-based encryption experts, has issued a warning to fellow local businesses: “If you’re in Lancashire and you work in healthcare, IT, public services, finance, education or sales, you need to take action right now. This applies to all of us and we can’t afford to simply ignore it. The message from the GDPR is clear - reconsider how you collect and store personal data or take a hit. It’d be such a huge shame to see thriving local businesses in Lancashire suffer over something so easily avoidable.”

Whilst 69% of businesses say their senior management consider cyber security is a very or fairly high priority for their organisation only half of businesses have actually taken recommended actions to identify cyber risks. The Information Commissioner’s Office (ICO) have warned that “we’re all going to have to change how we think about data protection.”

Not only does the new GDPR aim to harmonise previous EU privacy directives among member states, but also modernise them to account for digital technology.

The new legislation has laid out new requirements for businesses, including:

• Organisations over a certain size, must employ a Data Protection Officer to ensure data is responsibly collected and appropriately secured.
• Data security breaches must be immediately reported to the IICO no longer than 72 hours after the breach occurred.
• Individuals are entitled to ‘the right to be forgotten’ which would withdraw consent of use of their personal data.

What is classed as ’sensitive’ data?

In the digital era, defining ‘sensitive’ data can be complex. It is no longer just names, addresses and credit card details but also the likes of cookies and IP addresses.

The ICO believe that the more expansive definition in the GDPR provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

For organisations that don’t collect personal online data, the collection of such information in the form of HR records and customer lists may already be compliant with Data Protection regulations – but appropriate security and encryption of this data is now mandatory rather than recommended.

How can businesses make sure that they are protected?

The requirements set out by the GDPR depend on the size of your business, but even small and medium-sized businesses are expected to adopt measures enforced on larger businesses and implement them appropriately.

All businesses are susceptible to cyber threats and data breaches, so it makes reasonable sense for them to completely reconsider their method of protecting personal data in order to avoid the tough penalties enforced by the GDPR.

Data encryption ensures that, should the data fall into the wrong hands, it is incomprehensible and meaningless. Many businesses are planning to roll out a default ‘encrypt everything’ approach to data collation in order to protect themselves at all costs.

If you think your company might be affected by the new GDPR and would like more information, speak to Kingston Memory Shop’s online chat team or shop their range of GDPR encrypted memory sticks.

This was posted in Bdaily's Members' News section by Kingston Memory Shop .