Is there less spam in your inbox? For many businesses, the GDPR implementation on May 25th 2018, signalled the start of a new era. Eagerly racing to grasp the scale of changes needed, most understood the GDPR as a rather nebulous concept we could term ‘data courtesy’.
Jumping into this brave, new world, where data cowboys roam no more; businesses strove for compliance by the deadline date.
So, what’s happened since?
The GDPR impact on big businesses
One interesting trend we can see is many international companies adopted the GDPR across their whole cybersecurity operations.
This is because the GDPR covers data collected by any company from any location on European-based citizens and says nothing can happen to that data without ‘informed consent’. To simplify processes, global outfits thought to make all their data on world citizens GDPR compliant.
The GDPR impact on SMEs and startups
A second trend consistent with the way huge regulatory changes affect businesses is that start-ups and smaller businesses were less GDPR ready.
Small businesses activity centres around growth and the potential to leverage what is, no doubt, a small database of customers and suppliers. Regulations involve checking you have consent to contact people and can keep information confidential. The UK Government has produced some plain English GDPR material about what you need to know about cyber security. It is really important to get compliant as soon as possible (if not already).
GDPR watchdog fines
If we can call it a trend, it seems large fines for cyber security breaches are here to stay.
The first high profile casualty of the new GDPR was Facebook: see Facebook’s fall from grace with ICO fine. This action by the UK ICO toppled long-held assumptions that platform based social media sites can’t be regulated. Their findings underscored the responsibility for ensuring data security is with the data holder.
The Facebook case took account of user behaviour. Facebook is happy to provide and profit from entertainment in the form of third-party additions such as quizzes and apps. From the users’ perspective, taking a survey didn’t add up to giving consent to a third-party (in the ICO’s view).
GDPR and insider versus outsider attacks
It is interesting the external threat trend for traditional data foes, hackers, is focussing on external exploitations such as ransomware. This risk will only increase as companies adopt more third-party cloud services and providers.
The threats to cyber security from insider attacks decreased slightly since the GDPR, which is to be expected with companies adopting the services of a data protection officer who is accountable for breaches. That being said, the recent Ticketmaster breach in June, 2018 makes interesting reading.
What have we learned since the GDPR implementation?
The main way to safeguard your business is to remain a trusted brand.
Ensure you only deal with reputable cloud service providers.
Read up on the relevant GDPR information for your business.
Consider an information security audit to check your supply chain security is robust.
Remember, your customers and suppliers, inundated with ‘I agree’ banners or permission emails in their inboxes in May and June, lost count of the times they said ‘yes’ to what they hope is a trustworthy and responsible use of their data. There’s something reassuring about those little banner tick boxes. Make sure you live up to it.