The EU General Data Protection Regulation law will come into force in 2017, increasing penalties and fines on companies which fail to protect data adequately, suffer a breach, and/or simply do not comply. It is deemed to be amongst the world's most stringent data laws, and companies would be best served to take notice quickly, as the potential consequences of this first real overhaul of European data legislation are enormous.
Minimum fines of 2% of global turnover
Fines are to be set between 2% (minimum) and 5% (maximum) of global turnover. To put this into a tangible example: if the Talk Talk breach had occurred under the new EU regulation, the company's fine could have amounted to £90 million. By comparison, the maximum fine of £500,000 that it faced under existing regulations from the ICO (Information Commissioner's Office) is quite insignificant.
No place to hide
The new regulation will impose disclosure of data breaches in the public interest, meaning there is no hiding place for firms that suffer breaches, and this too has detrimental implications for organizations. A recent Verizon PCI Compliance report found that 69% of customers are less likely to do business with an organization that has suffered a data breach. So the numbers are starting to add up…
As businesses realize what is involved, we can expect to see them struggle to achieve compliance throughout the year, scrambling to hire consultants or investigate outsourcing solutions as 2016 draws to a close.
On the upside: Competitive advantage
The EU data reform package is designed to end the 'patchwork' of data protection rules that currently exists in the EU, which will reduce red tape and bureaucracy for firms. This translates into simplicity, and that in turn into cost savings; businesses will deal with a single supervisory authority, and cost savings are estimated at €2.3 billion a year.
Across Europe, governments and EU institutions are recognizing that the abolition of unnecessary EU burdens is vital to maintaining competitiveness. Competitive advantage is not only a benefit for the EU and its members; there is also an opportunity for direct competitive advantages for companies. Trust has never been so important: if companies can manage this most precious customer value, they will thrive in this new digital era. Guaranteeing your customers' trust WILL make you stand out in the crowd, and more so as time goes by; the earlier you start, the greater the advantage.
Committed or not?
To achieve competitive advantage, companies need to be committed. They need to approach the new EU General Data Protection Regulation law as a unique opportunity to invest in their customers' trust and their economic future, and not just as a check box to avoid fines. The EU GDPR law will strip away the complexity and red tape of previous regulations, both at national and European levels, and give companies the clear guidelines they need to succeed… if they are committed.
On the bright side, we are seeing a positive uptake
Fortunately, in January alone, we have seen businesses starting to wake up to the potentially enormous consequences (both positive and negative, depending on their approach) of this first real overhaul of European data legislation, and that is driving the engagements we are having with both private and public institutions.
In addition to enterprises, we are also seeing how some countries are realizing the competitive gains to be had and are becoming proactive, preparing enterprises for the EU GDPR with new measures that will ultimately prepare companies for the big change in 2017. The Netherlands, for example, introduced a new law regarding data breach notification on Jan 1st, and Hungary made key amendments to the Hungarian Data Protection Act which came into effect in Oct 2015, all of which should help change companies' and decision makers' mindsets before 2017.
Where do you stand today in regards to your data?
Get committed or get into deep trouble: those are the options for businesses with regard to data regulations and customer trust. The common denominator in all of this is data. And the question still remains: do you know where your critical data is stored? Whether it is Card Holder Data (CHD), Personally Identifiable Information (PII), etc., do you really know where it all is within your network as data grows on average 40-60% annually?
Can you show it in a report, and delete it if need be? If the answer to any of these questions is no and you are interested in a sample check of your network, desktops, email boxes, servers and databases from one centralized solution, just request a trial of our software and we can set you up with a Proof of Concept today; we will help you discover your data risk and protect your reputation.
VP of Corporate Development