The European Union’s General Data Protection Regulation (GDPR) is now in force – and with it, the prospect of multi-million pound fines for organisations found in breach by the Information Commissioner’s Office (ICO).
With the GDPR now current, companies could be facing several hundred billion pounds’ worth of fines – not the (frankly) pathetic fines that the ICO has hitherto slapped on lackadaisical organisations with slapdash security. Tesco alone could’ve been on the hook for a £1.9bn fine for the breach it suffered at Tesco Bank in November last year, for example.
And, no, you can’t avoid it by trying to keep schtum – GDPR (and other legislation on the way) includes mandatory breach notification, and you won’t have much time, either, before you have to ‘fess up if your organisation does suffer a security breach.
The best place to start is this in-depth, three-part feature written by Kuan Hon, Pinsent Masons’ consultant lawyer and data protection specialist, which doesn’t just cover GDPR, but some of the other various data protection-related legislation cascading out of the EU in the coming years:
- Part one: How GDPR and the Network and Information Systems Security Directive will complicate cloud computing;
- Part two: How GDPR will weigh on cloud computing providers and impose new breach notification rules;
- Part three: More than GDPR: Brexit, Safe Harbour and Privacy Shield, and the Network and Information Systems Security Directive.
These won’t just help guide you in your GDPR-compliance efforts, they can help guide your board, and highlight the issues to anyone in your organisation who needs to know why it is important – and exactly what needs to be done – in plain English. Good legal advice is essential as there is so much conflicting data protection, privacy, security and other legislation.
For anyone in local government, Pitney Bowes’ veteran Andy Berry provided a neat summary of the priorities – yes, the GDPR applies to absolutely everyone. Part of those preparations must include talking to cloud providers, as 25 May 2018 is a ‘hard’ deadline, and old deals will need to be updated to take account of the new GDPR.
Computing has, of course, covered many of the other different issues that GDPR might entail, such as putting up the cost of cloud computing, and how it may help entrench the big, US cloud computing giants and stifle the development of start-ups that can challenge them. It may also inhibit the development of privacy and security-enhancing technologies.