
12 months in GDPR compliance and data protection


At elucidate we aren’t interested in scaring companies with threats of litigation or fines to get them to embrace their responsibilities around European Data Protection Regulations. This can make it harder to convey the gravity of some of the work which we think should be on every CEO’s or MD’s to-do list. We want to help companies with their GDPR compliance and put policies and controls in place to help with breaches of data protection.

Research, interviews and white papers published over the past month point to a groundswell in capacity and capability, and to the likelihood that within the next few months we will start to see a lot more action from the Information Commissioner’s Office as they tie up investigations which have been running for months, some of which may turn out to flout European Data Protection Regulations. They have received over 41,000 data protection complaints in the past 12 months and had over 14,000 breaches of data protection reported to them.

When the Information Commissioner, Elizabeth Denham, says that they are preparing to demonstrate the action her office is willing and able to take to protect the public, you can be sure she means it.   

Statistics show that many medium and large businesses have invested in this area, as referenced by the Department for Digital, Culture, Media & Sport (DCMS) in its Cyber Security Breaches Survey. Whilst this is good for the bigger businesses, it highlights a serious issue for micro and small businesses, because 31% of those breaches of data protection from the past 12 months specifically targeted them.

It’s understandable, of course. In any business cash flow is paramount, and even we recognise that cyber security with regards to GDPR compliance probably isn’t top of the priority list for most people. On top of this, SMEs seem to believe they are either too small or very low risk and so don’t bother, but if they are being targeted it’s imperative to do something. You must be able to demonstrate the consideration you have given the European Data Protection Regulations, as not doing so will elicit the worst response should the worst happen.

It doesn’t have to be expensive and it doesn’t need to be overly technical. But it does need to be done…
