4 - 5 OCTOBER 2017 / EXCEL LONDON

IT & Telecoms Firms Risk Damaging Fines By Ignoring Implications Of New Data Protection Rules

Monday 21 August 2017

Almost half (44%) of IT & telecoms companies are unaware of the new wide-ranging data protection rules which come into force in less than a year’s time - despite 17% admitting the maximum fine for non-compliance would force them out of business, whilst 12% said it would lead to large scale redundancies.

According to a YouGov survey, commissioned by Irwin Mitchell, of 314 IT & telecoms companies, 56% admit to being aware of the new General Data Protection Regulation (GDPR) which comes into force on 25 May 2018.

These results are concerning because with next May’s deadline fast-approaching, our study reveals there’s a very real possibility that a large number of IT & telecoms companies will not be compliant in time.

GDPR represents the biggest change in 25 years to how businesses process personal information and it replaces existing data protection laws. Under the new rules, the maximum fine for certain data breaches in the UK will rise from £500,000 to €20million or 4% of global turnover, whichever is larger. Fines issued last year by the Information Commissioner’s Office (ICO) would be 79 times higher under GDPR.

It’s a staggering statistic but 90% of the world’s data was only created in the last two years. By 2020, there will be ten times the current amount of mobile data and much of it unstructured. The time to install the right data shields and internal compliant controls to minimise the risk of breaches is now.

Certain data breaches where there is an impact on privacy, such as a customer database being hacked or a letter being put in the wrong envelope, must be reported to the ICO within 72 hours under the new regime. However, our survey found that just 34% of IT & telecoms companies are certain that they would be able to detect a data breach within their organisation. Just 37% say they are confident they would notify the relevant stakeholders within the required timescale of three days.

Other changes under the GDPR include an obligation to be more transparent about how personal data is used.

Worryingly, 18% of respondents claim that GDPR will have no impact and is not an issue for their sector. Thirty-one per cent claim it isn’t relevant to their business as they are not a consumer business.

Contrary to popular belief, personal data is not just consumer information. It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data – if the data relates to an individual you will be caught by the new data protection laws.

GDPR is clearly a big issue facing the industry but a proactive stance towards it will not only help avoid fines, it will pay dividends from a commercial point of view also.

To better understand the key actions businesses need to take and how to navigate the pathway to GDPR compliance, come and listen to Joanne Bone, Partner and GDPR Expert at Irwin Mitchell in the Cyber Security Keynote Theatre on Thursday 5 October at 3pm.
