If data protection wasn’t already a hot topic, it now has the potential to impact businesses unaware of the new rules that come into force next year.
Companies of all sizes need to put personal data protection high up on their to-do lists in advance of the General Data Protection Regulations (GDPR) coming into effect on 25 May 2018.
From May 2018 onwards, any breaches of the new GDPR regulations will see companies pay fines of up to €20 million or 4% of their annual global revenue, whichever is greater. This means that from 2018 onwards, companies should use state-of-the-art security to protect personal data.
What is the EU GDPR?
Implemented by the EU Parliament in 2016, the GDPR framework is the most important change to data privacy regulation in 20 years, replacing the 1995 Data Protection Directive and giving citizens more power over their personal data.
In an age of cloud computing, big data and social networking, the GDPR will determine how businesses manage, protect and administer data in the future.
What data do the rules cover?
Personal data could be any information related to a person or ‘data subject’ that can be used to directly or indirectly identify a person. This could include a name, a photo, an email address, bank details as well as posts on social networking websites, medical information or a computer IP address.
How should businesses comply?
Larger companies handling significant volumes of data may need to appoint a Data Protection Officer, who will be responsible for managing data security processes. The DPO is also able to inform and advise managers and employees who are involved in data processing about what their obligations are under the GDPR and other applicable laws.
However, businesses of all sizes should review and, if necessary, upgrade their data handling at every stage to ensure that any personal data is held and managed securely and appropriately.
What will happen if there is a data breach?
Companies and businesses that suffer a data breach after May 2018 could face fines of up to 4% of their global turnover, or €20 million (approx. £17 million), whichever is the greater. On top of these fines, an affected company may also have to pay customers damages in the event of data loss or theft.
The fine will depend on how serious the breach is and how well the affected business can prove that they had measures in place to protect customer data.
Will it still affect UK businesses post-Brexit?
Any business that processes data about individuals in the context of selling goods or services to citizens in EU countries will need to comply with the GDPR, whether or not the UK retains the GDPR after Brexit.
If a company’s activities are limited to the UK, then the position is less clear. The Government has indicated it will implement an equivalent or alternative system and it is likely that this will follow the GDPR. The EU’s GDPR website points out that the GDPR provides a clear baseline against which UK business can seek continued access to the EU digital market.
What does this mean for resellers’ customers?
Hardware encrypted storage solutions from Integral Memory will safeguard your customers’ data with high strength, military grade security features. Product solutions include secure flash drives such as the Integral 256-bit AES Hardware Encrypted USB range.
For complete data security on a PC, Integral Crypto Solid Security State Drives are an ideal choice. All these drives are FIPS 140-2 certified, meaning AES 256-bit hardware encryption is paired with tamper-proof circuitry to ensure ultimate protection.
For more details on products to protect customer data please speak to your VOW account manager.
VOW Venture customers can find out more about data security and the related services offered by VOW, including: Records and Information Management, Secure Shredding and Data Management. Simply email email@example.com.