As new EU Data Protection rules come into force, are you aware of how they will impact your business?
According to a recent survey, only half of UK IT decision-makers are aware of the upcoming EU Data Protection Regulation and how this law will impact their business.
What is the GDPR?
The upcoming EU General Data Protection Regulation (GDPR) is a comprehensive update of the 1995 EU Data Protection Directive. The Directive was created as a legal framework to regulate the processing of personal data within the European Union, including how that data is retained and erased. Because the GDPR is a regulation rather than a directive, it applies directly in every member state without separate national legislation. The GDPR will come into force on the 25th May 2018, so you need to be thinking about this legislation now to ensure you are prepared for the changes.
How does the GDPR affect me?
The major implication of the introduction of the GDPR legislation is the significant increase in fines for those companies who fail to comply. Under the new rules, supervisory authorities will be able to impose fines for the most serious infringements of up to 4% of a company's annual worldwide turnover or €20 million, whichever is higher (earlier drafts of the Regulation proposed a 5% ceiling). A fine on that scale is significant for any organisation, so it is crucial that companies now review and adapt their business processes to ensure they can comply with the new rules and avoid the penalties for non-compliance.
The cost of a rule break
As the data protection regulations become tougher and more complex, companies need to consider the implications if they don't start preparing for the new law. Any breach of data protection legislation which compromises the confidentiality of individuals or clients could potentially ruin an organisation financially.
Failure to effectively erase data before an IT asset or storage device is disposed of may result not only in a fine but also in unseen costs, such as the cost of incident recovery and the damage to the organisation's brand and reputation. Negative publicity can end up costing a business far more than a financial penalty and often takes much longer to recover from, which ultimately can result in a loss of customers.
GDPR and IT Asset Disposal
The GDPR governs the whole lifecycle of personal data, from its collection and use through to its storage and disposal, and IT Asset Disposal is the final stage of that lifecycle. The increased penalties should justify investment in security controls within your IT policy so that data is not lost when assets leave the organisation, because a disk that is sold, recycled or thrown away without being properly erased is still a data breach.
Retiring unwanted IT assets should be a secure process: carried out by security cleared personnel, collected by GPS tracked and geo-fenced vehicles, stored in secure, licensed facilities, and erased using CESG approved (CESG is now part of the NCSC) data erasing software. The whole process should be fully auditable, with a record for every device of what was erased, by which method, by whom and when, and of whether the erasure was verified; drives that fail verification should be physically destroyed and that outcome recorded as well. This data trail is what allows you to demonstrate your regulatory compliance to an auditor or a supervisory authority.
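The audit trail described above only demonstrates compliance if nobody can quietly alter or delete an entry after the fact. The following is an added example, not code from AMI or from the original article, of a hash-chained disposal ledger: every erasure record is bound to the record before it with a SHA-256 digest, so any edit, insertion or deletion of an earlier entry is detectable at verification time. Asset tags, serial numbers, operator names and timestamps are constructed sample values; the erasure methods named are illustrative (NIST SP 800-88 is a real media-sanitization standard, but its use here is an assumption, not something the article specifies).

```python
import hashlib
import json
from datetime import datetime, timezone

# Sentinel "previous hash" for the first entry in the chain.
GENESIS_HASH = "0" * 64


def canonical(record: dict) -> bytes:
    """Deterministic serialisation so the same record always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


class DisposalLedger:
    """Append-only, hash-chained log of erasure events for retired IT assets."""

    def __init__(self):
        self.entries = []

    def append(self, asset_tag, serial, media_type, method, operator,
               verified, timestamp=None):
        """Record one erasure event, chaining it to the previous entry."""
        prev_hash = self.entries[-1]["entry_hash"] if self.entries else GENESIS_HASH
        record = {
            "seq": len(self.entries),
            "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
            "asset_tag": asset_tag,
            "serial": serial,
            "media_type": media_type,
            "method": method,          # what was done to the media
            "operator": operator,      # who handled the erasure
            "verified": verified,      # did post-erase verification pass?
            "prev_hash": prev_hash,
        }
        entry = dict(record, entry_hash=hashlib.sha256(canonical(record)).hexdigest())
        self.entries.append(entry)
        return entry

    def verify(self):
        """Walk the chain; return (True, None) or (False, index of first bad entry)."""
        prev = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            record = {k: v for k, v in entry.items() if k != "entry_hash"}
            # A deleted or reordered entry breaks the sequence number or link.
            if record["seq"] != i or record["prev_hash"] != prev:
                return False, i
            # An edited field changes the digest stored beside the record.
            if hashlib.sha256(canonical(record)).hexdigest() != entry["entry_hash"]:
                return False, i
            prev = entry["entry_hash"]
        return True, None

    def unverified_assets(self):
        """Assets whose erasure did not verify: these need physical destruction."""
        return [e["asset_tag"] for e in self.entries if not e["verified"]]

    def report(self):
        """Compliance summary: what was erased, how, and by whom."""
        return [(e["asset_tag"], e["method"], e["operator"], e["verified"])
                for e in self.entries]


def build_sample_ledger():
    """Constructed sample data (hypothetical assets), fixed timestamps for repeatability."""
    ledger = DisposalLedger()
    ledger.append("AST-0001", "SN-SAMPLE-0001", "HDD",
                  "NIST SP 800-88 purge (ATA Secure Erase)", "operator-a",
                  True, "2018-03-01T09:00:00+00:00")
    ledger.append("AST-0002", "SN-SAMPLE-0002", "SSD",
                  "NIST SP 800-88 purge (NVMe sanitize)", "operator-b",
                  True, "2018-03-01T09:15:00+00:00")
    # Erasure that failed verification: the ledger records the failure rather
    # than hiding it, and the asset is flagged for physical destruction.
    ledger.append("AST-0003", "SN-SAMPLE-0003", "HDD",
                  "ATA Secure Erase", "operator-a",
                  False, "2018-03-01T09:40:00+00:00")
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    print("chain intact:", ledger.verify())
    print("needs destruction:", ledger.unverified_assets())
    ledger.entries[1]["operator"] = "someone-else"   # simulate tampering
    print("after tampering:", ledger.verify())
```

The chain proves integrity from the point of recording onward; it does not prove the erasure itself happened, which is why each entry carries the verification result, and why the ledger should be written by the erasure tooling rather than typed in afterwards.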
Make the change before it’s too late!
It stands to reason that managing the aftermath of an incident once it has occurred is far more expensive for an organisation than proactively controlling the risks. It is crucial that companies consider the impact on their organisation and make changes before it is too late. Businesses should start work now to ensure compliance with the new legislation, implementing a strategy that meets the forthcoming data protection requirements.
Contact AMI to learn more about the GDPR regulation and how our services can help you comply with this new law.
Tel: UK +44 (0)2890 844 400 | ROI +353 (0)1 257 3232