The clock’s ticking to prepare for new regulations coming into force, says Calibre’s Karen Nelson (r

Member Article

New data rules: The final countdown

THE countdown has started for North East businesses who have 12 months to prepare for new legislation that will significantly affect the way they manage information, says Karen Nelson, managing director at Calibre Secured Networks.

The General Data Protection Regulation (GDPR) comes into force from May 2018 and will signal a change in the way SMEs manage and look after a whole range of data and information. Also coming into effect simultaneously will be the Network and Information Security Directive (NSID), also known as the Cyber Security Directive.

So what is happening and how will companies be affected? And, importantly, what can they do about it in the coming months to get ready? In simple terms, GDPR is a new data protection regulation that will strengthen and unify the safety and security of the information held by an organisation. Its set to replace the Data Protection Act, making radical changes to many existing data protection rules and regulations that firms currently adhere.

Failure to comply could see eye-watering fines of up to €20 million (or 4% of turnover, whichever is greater) for both the data controller and anyone else involved in the chain such as those with responsibility for data shredding and disposable.

This regulation coupled with Cyber Security Directive, will see a further requirement for compliance for all UK businesses, forcing them to adapt, or even adopt new approaches to the way they tackle both data and cyber security issues.

Although it remains to be seen exactly how the new legislation will pan out and its impact on the region’s SME population, there are a few things that we already know will be certain. Data breaches will have to be reported if possible within 72 hours while the definition of personal data will be extended to cover location, IP address as well as medical information.

It will also be incumbent upon business owners and managers to make sure that personal data is reasonably protected and an individual’s privacy protected. The Cyber Security Directive will require providers of ‘critical’ digital services such as energy and banking to instigate ‘appropriate security measures’ relating to the detection and reporting to search engine and cloud computing breaches.

It is essential SME owners and managers start planning their approach to compliance sooner rather than later, and that all those involved are not only made aware of but also understand, the changes and embrace them - it may involve implementing new procedures to deal with greater transparency and individuals’ rights provisions with wider budgetary, IT, personnel, governance and communications implications.

One way forward is to find a suitable partner who can help you manage all of that in a safe, secure and compliant way. There are a plethora of IT partners out there who can help and hold relevant accreditations such as ISO 27001 but when drawing up a shortlist consider factors beyond paper credentials and accreditations – experience in these matters always counts.

It’s also important any supplier that works with you can plan for growth and change, as it’s easy to forget that extra staff places place increased demand on IT resources and capabilities. A good IT supplier should be able to help predict how your needs will change in line with your strategy.

There can be little doubt that the advent of GDPR and the Cyber Security Directive will have an impact and the clock is now ticking when it comes to action. SMEs need to be thinking about how it will impact on them before it’s too late and find the resources that will help them leverage the technologies so that they’re ready come May 2018. More at www.calibre-secured.net

This was posted in Bdaily's Members' News section by Calibre Secured Networks .

Enjoy the read? Get Bdaily delivered.

Sign up to receive our daily bulletin, sent to your inbox, for free.

* Occasional offers & updates from selected Bdaily partners

Our Partners