What happens to data protection rules if we leave the EU?
Well, in short, we don’t know. But what is sure is that the Data Protection Act 2018 is UK law and is in place, although there are still questions around the transfer of data from the UK to countries within the EU if we leave the union. This is why it is essential that you consider having professional representation if you are dealing with territories outside the UK.
What are the threats?
Essentially, cybercrime, and it’s on the increase. It is evident that, despite GDPR aiming to protect individuals and businesses, cyber criminals are becoming sophisticated in identifying new ways of infiltrating IT infrastructures. So how do companies put in place systems and procedures to safeguard their digital assets?
We have noticed that currently we are seeing a lot of phishing attempts purporting to be HMRC tax refunds, so in the age of digital disruption, businesses need to be scanning the horizon for cyber threats on an ongoing basis.
We’re coming to the end of the transitional period, so the Information Commissioner’s Office is likely to be tough on businesses that can’t show sufficient control and protection over the data they own – especially in the light of a breach. This could result in fines of up to four per cent of an organisation’s global turnover or £17.5m (whichever is higher), so businesses must continue to make sure they are compliant.
In addition to fines for lack of compliance, businesses that aren’t on top of their security face very real risks from socially engineered attacks like ransomware and other targeted, advanced assaults. This could mean lost revenue or customers, but the reputational damage can be beyond repair, with a serious breach ruining a business.
So, what can companies do?
We advise that businesses conduct an annual external penetration test on IT systems to identify weak points and deal with them. You should also consider education and run internal awareness campaigns to make sure all staff are aware of threats like phishing, and frequently conduct your own internal systems testing, paying particular attention to the entrance and exit points of IT systems. Criminals are always looking for an easy way in, so the better controlled the IT infrastructure is, the less likely the business is to become a victim of cybercrime.
With breaches and hacks becoming a daily occurrence, it begs the question: “Could you afford the loss of sales, damaged reputation and costly fine if you ignored or, worse, mishandled a breach?”
Every business should place data protection at the top of their priorities list as a matter of best practice. Are you sure you’re looking after your personal data properly? If not, call the experts.