With or without GDPR, data security is fundamentally important. But research finds that many businesses and charities are putting more emphasis on cyber security ahead of the new data protection regulation – then again, not all of them are.

According to the recently released seventh edition of the BCI Horizon Scan 2018 report, 53 per cent of business continuity and resilience professionals are ‘extremely concerned’ about the possibility of a cyber-attack. Meanwhile, 42 per cent are worried about the possibility of a data breach, and 36 per cent are concerned about unplanned IT or telecom outages.

It is with good reason: a data breach can have a disastrous effect on a company’s share price performance, as TalkTalk found out to its cost.

But sometimes company’s might need nudging to do more. See a parallel with the compulsory wearing of seat belts. It was in driver’s own interest to wear seat belts, but once it became compulsory, an awful lot more of us did buckle up when driving. And maybe countless lives have been saved as a result.

A potential cyber attack is clearly a threat to businesses, just as the risk of a car accident is a threat to drivers – and cyber security might be akin to wearing a seat belt – GDPR just makes it compulsory.

In fact, the General Data Protection Regulation, enforceable from May 25th, means that in the event of a data breach an organisation, “without undue delay and, where feasible, not later than 72 hours after having become aware of it,” to notify the supervisory authority where the data controller has their main establishment.

But GDPR is not just about what you must do in the event of a cyber breach, it requires organisations to apply appropriate steps to optimise data security.

According to a recent report from the Department for Digital, Culture, Media and Sport, among those aware of GDPR, just over a quarter of businesses and charities made changes to their operations in response to GDPR’s introduction, and among those businesses, “these changes included those to cyber security practices.”

The report, which related to a survey of 1,519 businesses and 569 registered charities, found that of those organisations that “have made changes to how they operate, around half of businesses and over a third of charities say some of these changes relate to their cyber security practices.

There is one snag: only 38 per cent of businesses and 44 per cent of charities say they have heard of GDPR.

Drilling down:


                                                                                                Businesses     Charities

Created or changed policies and procedures                

                                                                                                      36              36

Additional staff training or communications

                                                                                                      21              10

Deployed new systems

                                                                                                      12                7 

Formal post-incident review

                                                                                                       7                 2

Created or changed back-up plans

                                                                                                       7                 4

Changed which users have admin access rights

                                                                                                       7                 4

Installed, changed or updated anti virus software

                                                                                                      6                12

Change or updated firewall

                                                                                                      6                 9

Encryption of data

                                                                                                      5               10

Outsourced cyber security

                                                                                                     5                  1


Learn more about data security and GDPR, visit: https://gdpr.report/

By Michael Baxter, Editor, Fresh Business Thinking


GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/

comments powered by Disqus