GDPR will be the government's next big push to ensure both cyber-security and cyber-compliance. But are British businesses ready for it yet?
At TEISS 2017, British business leaders were asked whether they were ready for GDPR or whether they required additional guidance to prepare for the upcoming legislation.
As of now, businesses that store customer data and fail to protect it from cyber-attacks are liable to pay fines of up to £500,000 to the exchequer. From May 2018 such companies will have to adhere to the General Data Protection Regulation (GDPR), which tightens those rules even as cyber-attacks grow more destructive and powerful over time.
GDPR will require offending businesses to pay fines of up to 4% of their annual worldwide turnover or €20 million, whichever is higher. As such, the total costs incurred by firms for failing to defend against cyber-attacks may rise to £122bn in 2022 from a mere £1.4bn in 2015. The message behind the new regulations is for large firms to either pull up their socks or face impending financial ruin and loss of face.
At TEISS 2017, the audience attended a session on GDPR, what it means and how it will affect them. To gauge their understanding of the new rules and regulations, and the effect of the session on that understanding, they were asked whether they knew how to prepare for GDPR, once before and once after the session.
Prior to the session, 18% believed that they were ready for GDPR, but the number dropped significantly to 11% after the session ended. Similarly, those who thought they were unclear on certain aspects of GDPR constituted 39% of the audience prior to the session, but rose to 48% after it.
This means that until they were told about GDPR in detail, some business owners believed they knew enough about it and were ready for it, but acknowledged that they had more to learn about GDPR once the session ended. The session explained to them the impact of GDPR on operational processes and compliance requirements, mandatory breach reporting, and the UK Government's forecast of how it sees cyber security developing over the next five years.
The total percentage of business owners who said they wanted some or a lot of guidance on GDPR rose from 80% to 88%, which implies that the session did convince the more confident ones that they did not yet know enough.