In the wake of the EU referendum there is uncertainty for businesses and their IT systems around the General Data Protection Regulation. Finance & Management explains.
Reports regularly confirm that businesses of all sizes are still not able to keep cyber crooks at bay. The Federation of Small Businesses calculates the annual cost of cyber attacks to be £5.2bn. The Department for Culture, Media and Sport’s Cyber Security Breaches Survey 2016 stated that only 29% of companies had formal written cyber security policies and 10% had a cyber incident plan (42% for larger companies).
While British companies are subject to the Data Protection Act, European commissioners have instigated the General Data Protection Regulation (GDPR), which will require companies of all sizes in EU member states to standardise the collection, monitoring and recording of information held on customers and clients. Previously, individual countries interpreted directives; the regulation is intended to standardise the collection of data and remove national discretion. Adopted three months ago, GDPR is set to take effect on 25 May 2018 – by which time EU regulations may no longer apply to the UK.
This is an extract from the Finance & Management Magazine, Issue 246, September 2016.