Good Directors Prepare for Rules

Rupert Irons, Threat & Risk Management Sector Manager at C3IA Solutions, a cyber-security firm based in Poole, Dorset.

A leading cyber-security firm is warning businesses that GDPR has not gone away – and rulings and fines are expected soon.

The General Data Protection Regulation came into effect last year and has been wrapped up in the UK’s Data Protection Act (DPA) 2018.

But many companies are still not fully compliant, leaving themselves exposed.

C3IA Solutions, based in Poole, Dorset, believes many bosses have not followed through on their early preparation for GDPR implementation now that it has fallen out of the public conversation.

Behind the headlines there have been large increases in data breach reporting and in complaints from the public – and in subsequent investigations.

The Information Commissioner’s Office (ICO) has expanded by 60% since 2016 and is still growing in response to the demand.

Along with the National Cyber Security Centre (NCSC), the ICO has issued more guidance on implementation, so any grace period there might have been is ending.

Rupert Irons from C3IA Solutions said: “We are awaiting judgements and possible fines for companies that have reported breaches under the new regulations.

“Many believe that the British Airways breach reported in the autumn may become the test case for how they are enforced in the UK.

“This is likely to focus minds and act as a reminder to businesses to make sure they are compliant.

“It’s worth remembering that failure to comply with GDPR can result in fines of 20 million Euros, or four per cent of an organisation’s global turnover, whichever is greater.

“Of course, it would be much better for companies to look at GDPR now rather than wait for contact from the ICO after a data breach has been reported.

“But our work across the security sector leads us to believe that many firms are not as prepared as they ought to be.

“For example, the new guidance has details about information security – just a part of what GDPR covers.

“It makes clear that this is not just about ‘cyber-security’, but also about physical security and organisational security measures.

“Not only will poor information security leave a business in breach of GDPR, but it also risks real harm and distress to people, as well as various types of fraud.

“We have seen a huge rise in fraud in some sectors and to get an idea of scale, nearly 60,000 data breaches have been reported across Europe since GDPR came in last year.

“We just want to remind businesses about GDPR and to ensure they are compliant.

“Those companies we have been working with really benefit from our whole approach of looking at all their security.

“Being compliant and having peace of mind is what we help companies achieve.”