Cyber security is one of those phrases that tends to elicit a groan and a grimace, but from next year it is something you ignore at your peril.
For some of us it conjures up images of tinfoil-clad baddies from Doctor Who, for others it’s the killjoy software your parents put on the PC that slows your gaming down.
But from May 25 the General Data Protection Regulation (GDPR) introduces a raft of new obligations that must be complied with; failure to do so carries a fine of up to €20m or 4% of your global turnover. The legislation applies to all EU member states so, barring any major speeding up of the Brexit negotiations, it affects us.
Needless to say, this is a complex area of law which affects anyone who handles other people’s data. One of the biggest changes is that anyone who processes data will be liable for damage and loss suffered should data be compromised. The GDPR sets out a list of requirements surrounding record keeping, security, protection management and data transfer.
As well as security, GDPR also seeks transparency for individuals, and this is where it gets interesting. Those whose data you hold have rights of access, rights over correction, the right for it to be forgotten, the right to opt out of marketing and automated procedures, and the right for the data to be available in other formats. The list goes on. What GDPR will certainly do is change the e-relationship firms have with clients.
It’s also fair to assume that over the coming months plenty of consultants will be waiting in the wings to offer professional IT help and scare the b’Jesus out of you in equal measure.