
GDPR and what it means for your business

By John Oates

In less than ten months the way all UK companies deal with data will undergo a truly massive change.

The General Data Protection Regulation comes into force in May 2018 and the government has confirmed it will apply to UK businesses regardless of where we are with the Brexit process.

The reality is that most large UK firms will choose to follow GDPR in order to continue trading with European partners and customers. The government has promised to introduce a new set of laws but this is likely to be quite far down the list of priorities.

If you know anything about GDPR it is probably the size of the fines – up to four per cent of global turnover or €20m.

The new laws require businesses to fundamentally rethink how they treat private data.

Firstly, the law widens the definition of private data to include anything which could identify an individual, even an IP address. Advertising and marketing will need to think carefully about what information they are storing, and how it is protected.

Secondly, it gives individuals the right to demand to see any information which is held about them and, in some cases, for it to be deleted. This will force companies to justify any information they hold and how long they keep it.

Thirdly, it will mean that companies have to take proactive steps to protect data. This means designing privacy in from the very start of projects: not just encrypting a database after it is collected, but considering exactly what information is collected and why. It also obliges companies to inform people, within 72 hours of a breach being discovered, if their data is lost.

Finally, companies are not just responsible for keeping their own houses in order. If you share any data with another firm you must ensure that they are also taking proper precautions to protect it.

This might seem like heavy-handed over-regulation but public attitudes are changing in step with changes to the law.

While some businesses might still want to blame the hackers when they suffer a data breach, the public and regulators are increasingly taking a much tougher attitude: both are more likely to blame the business.

The Information Commissioner’s Office recently fined a computer games rental company £60,000 for being hacked and losing customer data. The company in question lost over 26,000 customer details when its website was hit by an SQL injection attack.

The judgement found the company guilty of not running regular penetration testing of its website, having a weak password on its publishing system and leaving customer data unencrypted.

Companies have to take action fast to ensure they will be ready to comply with the new law.

This means a comprehensive data audit to see what data you have and where it is being stored. Larger companies will need to appoint a data protection officer to ensure compliance with the stronger rules.

But the change is also an opportunity for business.

Given changing public attitudes there is a chance for companies to start making data protection a business advantage and a key part of marketing and advertising messages. By this time next year it is a fair bet that we will see companies using data protection as a key way to differentiate themselves from the competition.

For companies looking for help the Information Commissioner’s Office website is a good place to start.
