Worrying figures released recently by data security firm Egress revealed that 52% of UK businesses are still not fully compliant with GDPR regulations, more than 18 months on from their introduction.
This is a startling statistic, because the upper tier of GDPR penalties is capped at €20 million or 4% of a company’s annual global turnover, whichever is greater, and fines of that scale would significantly impact a business of any size.
Since GDPR came into force in May 2018, enforcement by the Information Commissioner’s Office (ICO) has appeared lenient: Equifax was fined £500,000 for failing to protect the personal data of 15 million UK citizens stolen in a cyber-attack in 2017, Facebook was fined £500,000 in October 2018 for its role in the Cambridge Analytica scandal, and Bounty UK received a £400,000 fine for illegally sharing the data of 14 million people. It is worth noting that all three of these penalties were issued under the Data Protection Act 1998, which applied to breaches that pre-dated GDPR and capped fines at £500,000, so they do not reflect what the ICO can now impose.
However, we are seeing the end of these comparatively small fines as the ICO moves to enforce GDPR to the full extent of its powers: both British Airways and Marriott International have received notices of the ICO’s intention to fine them monumental sums for the personal data breaches they reported in 2018 (£183.39m, roughly 1.5% of BA’s worldwide turnover, and £99.2m respectively).
According to Tony Pepper, CEO of Egress: “The wait of more than a year between implementation and the first action taken by the ICO under GDPR seemed to lead to a perception outside the security industry that the regulation was ‘all bark and no bite’. Although the authority’s announcement that it intends to fine British Airways and Marriott such staggering sums sent shockwaves through the security community, it is concerning only 6% of organisations have taken action to avoid the full potential of the legislation. These announcements should definitely have acted as a clearer warning that organisations cannot risk compliance complacency.”
For many organisations, the first step towards compliance is a GDPR gap analysis: a structured assessment of your current level of compliance against each of the regulation’s requirements.
To achieve this, our consultants review your existing policies, procedures and controls against the requirements of GDPR. Once the review is complete, they provide a report that indicates your current level of maturity, together with prioritised recommendations to remediate the gaps identified.
In addition, for organisations that have not yet been able to formally implement GDPR changes, our consultants can create and implement the necessary policy documentation and process changes within your organisation on your behalf, enabling you to demonstrate compliance with the GDPR legislation.
Whether your organisation has already begun to take steps to become compliant with the regulations or you are yet to begin your compliance journey, time is of the essence. SES has the expertise to guide you through the entire process; please get in touch to speak to one of our specialists.
© Financechain Limited trading as SES and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Financechain Limited trading as SES and ses-escrow.co.uk, with appropriate and specific direction to the original content.