The new General Data Protection Regulation (GDPR) comes into force in May of this year. It imposes much more stringent rules on a business' obligations to store, protect and manage customer data. Under the new rules the penalties for data breaches are far higher: the maximum fine rises from £500,000 to €20 million or 4% of global annual turnover, whichever is greater. It is not only a breach itself that can cause problems. Failing to report a breach to the regulator when required to do so (the GDPR sets a 72-hour notification window for breaches that put individuals' rights at risk) can also result in a fine.
The size of the fines may seem daunting for SMEs, but both the fines and the regulator's expectations are scaled to the organisation. An SME with 15 staff would not be expected to have the same level of security as a multi-million-pound blue chip company, and a fine would not be as severe, although even a smaller fine could have a big impact on a small business. What matters is that you have both policies and an infrastructure in place that demonstrate you have taken reasonable, proportionate measures to protect the data you hold. From lax policies to out-of-date kit to a lack of data recovery resources, there are many ways you might fall foul of the ICO if you are hacked.
Having the right infrastructure helps. Secure storage, tested backups, access controls and simple, provable deletion of data can all be built into your current set-up. It may be worth enlisting specialists to make sure you make the right resource investments in the coming months. Colocation, for example, places your equipment in a physically secure, environmentally controlled facility and can provide documented evidence of good practice in how data is stored and backed up, although you remain responsible for keeping the systems themselves patched and correctly configured. The GDPR may be making additional demands on your infrastructure, but if you take a strategic approach, many of them will benefit your business in the long run.