Just under a year from now, on 25th May 2018, GDPR will come into effect.
That means all businesses and organisations that handle EU customer, citizen or employee data must comply with the guidelines imposed by the new General Data Protection Regulation.
If not, they could face a huge fine of up to four per cent of their global turnover or €20 million, whichever is greater.
However, Matthew Kay, information governance manager for the London Borough of Hounslow, has reassured people that the fine won’t be used in every case.
Million Dollar Question
“The million dollar question is in how the ICO will enforce it. There’s going to need to be consistency across regulators,” said Kay.
“There’s a lot of talk of board-level accountability, but I don’t think you’re going to see a shotgun loaded up and fired off left right and centre,” he added.
The ICO is “an educational organisation” that would prefer to assist the enterprise in building GDPR strategy as opposed to simply handing out fines.
How Much Could It Cost?
Although the fine could be up to 4% of global turnover, it’s capped at a maximum of €20m.
However, the ball is in the business’s court. The wording in GDPR implies that if a business has a data breach, but is forthcoming about it and had taken steps beforehand to try to avoid a breach, then the punishment would be more lenient.
The most serious punishment would be incurred if a company ignores all the guidelines laid out in GDPR and is seen to try to cover up any breach, in which case it would be liable for a full 4% fine.
We’ve written in the past about how the GDPR guidelines have been found to be confusing. However, in just under a year we will see them come into full effect. If businesses are not prepared, it could be a very costly mistake.
Interestingly, David Hunt, principal enterprise architect at Workday, suggests that business leaders have already recognised the threat that the new regulations pose.
Speaking during a seminar with Computing, Hunt explained, “The GDPR, which is coming into force in May 2018, is a significant driver behind digital transformation.
“Senior executives understand that the threat of the fine is real, so something needs to be done. And every employee in an organisation should understand the journey, and the digital strategy,” he added.
The final point is something we strongly agree with. Although many of the headlines regarding GDPR focus on the potential fines (including this one), it’s important that organisations see it as an opportunity for education to ensure they remain compliant.
How Tier 1 Can Help
We know from experience that many companies do not have a plan in place for when a piece of IT hardware has reached the end of its use. This means that many are handing over sensitive data to people without the expertise to securely and effectively deal with it.
At Tier 1 IT Disposal, we’ve handled the disposal of computers and laptops for some of the UK’s largest blue chip organisations. Alongside this, we accurately track every device that enters our process, meaning you can keep records of your hardware as it is disposed of or recycled. With our online “realtime” tracker of all your assets, the process is completely transparent for ultimate peace of mind.
If you would like to talk to us at Tier 1 about the safe disposal of your computer equipment then please give us a call on 0161 777 1000.