If You Think You’re Prepared for GDPR, Think Again!
Oct 29, 2021
Ever wondered what ‘GDPR’ is? Maybe you have never heard of it, or maybe you just never questioned what it was. Here is a simple explanation…
GDPR stands for General Data Protection Regulation. It is a European Union (EU) law that came into effect in 2018. The GDPR's primary aim is to enhance individuals' control and rights over their personal data.
Is GDPR Still Relevant?
With Brexit, many UK companies question whether GDPR is still a concern and whether their time and effort are better spent elsewhere.
It should come as no surprise that companies are still obliged to comply with both the UK and EU GDPR regulations. Whether you own a small website or a multinational organization, if data is processed from inside the UK or EU, you must follow GDPR regulations. Before any personal data is obtained, the user must give explicit consent.
In addition, the UK Information Commissioner’s Office (ICO) states that “The GDPR is retained in domestic law as the UK GDPR, but the UK has the independence to keep the framework under review. The ‘UK GDPR’ sits alongside an amended version of the DPA 2018. The government has published a ‘Keeling Schedule’ for the UK GDPR, which shows the amendments. These should be used for information only for the time being, until the official text on legislation.gov.uk has been updated.” See notes 1 and 2 below.
Is Compliance Important in the UK?
Recent studies concluded that GDPR encouraged improvements in several business processes, including increased Robotic Process Automation (RPA), as well as improvements in cyber risk management within the scope of the regulation.
With the increase in cybercrime, organizations face a serious risk of data breaches. As a guide, here are some figures for context:
• Estimated cyber-crime cost: £4 trillion
• 102% increase in ransomware attacks
• 75% increase in phishing for SaaS credentials
Is there a simple fix?
The out-of-the-box answer is “no.” However, there is a “but!” Preparedness is key not only to complying with these regulations, but to responding when breaches occur. Your company could tick all of the GDPR boxes on paper, but that can only take an organization so far. In order to mitigate the effect of potential breaches and reduce the chance of fines, you must test how well prepared you actually are to deal with a breach.
In as little as eight hours, CTG can help your company simulate this exact situation with a Table Top Exercise (TTX). The Table Top Exercise simulates real-world issues, such as data breaches and subject access requests, and tests your organization’s response in a safe environment. This gives you invaluable insight into your strengths and weaknesses before the consequences become dire.
You Can Trust CTG
CTG has been a pioneer in Data Privacy services since 2015. We deliver a cost-effective, seamless Table Top Exercise (TTX) solution with minimal business impact. It is conducted by seasoned experts, on location or remotely as required, with predefined outcomes such as:
• Quantitative review
• Qualitative review
• Full reporting including action topics
• Benchmark data
For more than 50 years, CTG has provided clients with information, technology, and business solutions that address their critical challenges. Our collaborative approach fosters long-term relationships and trust, and yields strategic insights that maximize client investments in solutions and competitive advantage.
Footnotes:
1. See the UK adequacy decision from June 2021 - Decision on the adequate protection of personal data by the United Kingdom - General Data Protection Regulation | European Commission (europa.eu)
2. See the ICO’s consultation on data transfers to and from the U.K. from August 2021 - FAQs for UK ICO's data transfer consultation – including approach to EU SCCs (iapp.org)