6 things IT professionals need to know about GDPR

Just over a year ago and just after the details of the new legislation were announced by the European Parliament, we wrote an article summarising what GDPR was, who it applies to, when it comes into effect and why it is so important for businesses to start preparations now to ensure compliance for the future. Now, with only 12 months to go until GDPR comes into effect, it is more important than ever that businesses know everything about the legislation and the scale of the changes they need to make to ensure they remain compliant one year from now.

With this in mind, here are the 6 things IT professionals need to know about GDPR:

GDPR stands for General Data Protection Regulation

Current UK data protection legislation dates back to 1998 and of course, a lot has changed in that time. Now, almost 20 years later, new legislation is coming in to recognise the digital environment we now live in and the way our personal data can be exploited.

Partly, the regulations are designed to give people more control over how their personal data is used but GDPR also aims to simplify data protection law for businesses throughout the single European market.

The new legislation comes into effect on 25 May 2018

This means businesses now only have one year to put the necessary measures in place to comply with the new regulations. Not only will complying better protect your customers’ data and reduce your risk of data breaches but it will also help you avoid hefty fines for non-compliance imposed by data protection authorities, which could be up to $20 million or 4% of your global annual turnover (whichever is greater).

According to risk mitigation firm NCC Group, the £880,500 total in fines issued by the Information Commissioner’s Office in 2016 could be 79 times higher from 25 May 2018, equating to £69 million.

Buy-in from the Board is crucial for compliance

Whilst your Executive team may be aware of GDPR, they may not understand the full impact it could have on your business, not just in terms of non-compliance but in relation to the steps it will take the business to meet the requirements of the regulation. Getting the board’s buy-in is crucial if you need budget to transform systems and take on expert resource to implement the changes required.

GDPR compliance is not the sole responsibility of IT

Getting GDPR ready is a big task and one that cannot simply be taken on by IT teams. Legal and compliance teams will of course need to be involved but at a higher level, leadership teams need to ensure that all parts of the business are aware of the impact and each member of staff is equipped with adequate data protection knowledge. This may well involve investing in business-wide training.

Once the new regulations come in, both those who control data and those who process data will have responsibility for abiding by the rules.

Your skills are in demand

If you are a Data Protection Officer or IT Security Analyst, you are extremely employable right now. Experience with projects around the implementation of PCI, UK DPA and ISO is at the top of the list for many employers looking to hire information security professionals.

Risk and Governance Managers are also key in GDPR preparations.

Your business may not be GDPR compliant in time

With only a year to go, there is a real risk that many companies won’t be fully compliant when GDPR comes in. To have the best chance of meeting best practice on 25 May 2018 and beyond, companies need to focus on protecting the data which is most sensitive and/or most at risk, as well as documenting the steps they are putting in place to protect data. If your business is behind in its preparations for the new regulations, there comes a point when the leadership team needs to assess what level of risk the business is prepared to accept.

To view our latest IT jobs, visit our jobs pages.