
info(at)sypo.uk | 01539 741461

General Data Protection Regulation

Posted on 25th May, 2017

General Data Protection Regulation (GDPR) kicks in just 12 months from now


This is something that concerns all business owners: a regulation passed by the European Parliament to strengthen and unify data protection for individuals in the EU. We may be leaving the EU, but this law is staying.

You have until May 25 next year to get ready, so now is the time to start thinking about it, as it will be expensive and time-consuming to implement.

Over the last few years the amount of data that people hold has grown considerably. Personal data means any data which can identify an individual. In 2011 the cost to the UK economy of data was around £27 billion. By 2016 it was £49 billion and growing, as are cybercrime and data theft.

It’s estimated that 3.04 million records are compromised every day and only 28% of attacks are reported. This includes genetic, mental, social, cultural and economic data.

What can you do to be safer? Do you have sensitive data on a USB that you carry around with you? Well, some 20 million USB sticks are lost each year, many of them not encrypted or protected.

And as the recent global cyber attack, which hit the NHS and companies around the world, demonstrated, there needs to be constant vigilance.

GDPR will impact on all UK businesses, whatever their size. If you are a sole trader you need to take this just as seriously. At the moment fines are capped at £500,000, but these are set to rise to EUR 20 million or 4% of your global turnover, whichever is greater.

Our intention at Sypo is as follows.

In House:

1. Plan and execute an exercise to use disc encryption on all our machines
2. Identify and catalogue the places in which we hold customer data
3. Review and reduce the customer data we hold
4. Document procedures for reviewing and pruning customer data

On the web:

1. Investigate methods for holding customer data in secure “vaults”, e.g. Braintree payments
2. Identify and catalogue the places in which we hold customer data
3. Investigate methods of encrypting customer data where we hold it
4. Review and reduce the customer data we hold
5. Document procedures for reviewing and pruning customer data

If you need advice or help, please do get in touch.