Data laws are in the process of changing yet again. Is your business prepared? The EU’s General Data Protection Regulation (GDPR) provides new oversight into how organizations are, and should be, handling and protecting the personal data of users. Personal data includes records with identifying personal information as well as a computer’s IP address—In essence, anything that could be used to identify an individual.
New regulations go into effect in May of 2018. Everyone is trying to do their part to stay one step ahead of the cybercriminals who want to do us harm. And, with facts and figures like the ones below, it’s no wonder that data laws change as frequently as the weather:
- Cybercrimes are getting more frequent. In 2016, more than 29 million records were exposed in 858 publicized breaches across sectors including financial, government, healthcare and education.
- Small businesses are being hit the hardest. The Ponemon Institute’s study, 2016 State of Cybersecurity in Small and Medium-Sized Business reveals that 55 percent of SMB respondents say their companies have experienced a cyberattack in the past 12 months.
- The damage cyberattacks cause can be devastating. 50 percent report they had data breaches involving customer and employee information in the past 12 months. In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets. In addition, disruption to normal operations cost an average of $955,429.
- To make matters worse, according to the World Economic World Forum’s, “Global Risks Report 2016” a “significant portion” of worldwide cybercrime actually goes undetected. This means, as bad as these numbers are, the true situation is even more dire.
Will changing data laws doing more harm than good?
All of this raises an important question—Are these data laws doing more harm than good? Could new data laws actually force you to close your doors instead of help protect your business? According to one new analysis, the answer may not be as clear as one would hope.
The GDPR contains one seemingly small, but significant change that business owners in particular need to be aware of—Accountability. Under the GDPR, if personal data is stolen or otherwise compromised during a cyberattack, the affected company must report the breach within 72 hours of identification.
So, what happens if you fail to do this?
Under the GDPR, non-compliance could lead to an immediate fine of $20 million euros, or 4% of global turnover – whichever is higher. To put this into perspective, say a company as large as Apple was hit with a data breach and they didn’t disclose it for five days. That extra two-day waiting period could cost Apple billions of dollars.!
To provide some additional context, consider the case of Talk Talk, a UK telecom company that was hit by a massive data breach in 2015. At that time, the company was fined $400,000 for failing to take steps to prevent the breach from happening. Under the new law, that fine would grow to tens of millions of dollars.
Supporters of the new law argue that this is a real opportunity for businesses all over the world to promote protection for individuals’ privacy to gain a competitive edge in a crowded marketplace. They say the reward of “getting it right” is much greater than “getting it wrong” – at least in theory.
Many organizations are in full-on panic mode because of this.
Experts agree that not only will these new laws affect every part of a business, but people don’t know what to do to stay prepared. Plus, there’s a shocking lack of awareness for affected businesses—60% of people who responded to a survey thought the new regulations wouldn’t affect their organization in any way. These respondents could not be more wrong.
It’s estimated that the average business will need between 12 and 15 months to prepare, something that only 29% of businesses in the UK have started to do. When you consider that May of 2018 is less than a year away, this is a cause for alarm.
It’s imperative that your business conducts a comprehensive data audit to ensure personal information is secure at all times.
Companies like yours need to start by gaining as much visibility as possible into data security. You also need to know how it’s being used, what existing policies govern how it can be used, and what you need to do to ensure compliance before the new laws take place.
Make sure your company’s leadership is fully behind the change, and your employees are trained to recognize cyber threats. As always, data security requires an “all-hands-on- deck” approach. This has never been more important than it now.
Data laws will always change, and for a good reason—Cyber security is one of the most significant topics facing businesses today. This is why it’s so important to stay up-to-date on all the latest changes, rules and regulations. It puts you in the best possible position to stay one step ahead of the criminals who want to do you harm, and to stay compliant with regulations.
If you’re in San Francisco and would like to find out more information about this or any other IT topic, don’t delay—Contact On Time Tech by sending us an email to firstname.lastname@example.org or by calling (415) 294-5250.