View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Comment
June 12, 2018updated 12 Jul 2018 4:15pm

GDPR: a new level of data protection

By Mishelle

The deadline for the General Data Protection Regulation (GDPR) has arrived. The regulations may seem burdensome, but the level of data protection and security is unprecedented and something we all will be glad to see implemented, writes Jon Szehofner, partner at GD Financial Markets

As issues of ownership and control of business and personal data increase in prominence, cybersecurity and technology resilience have become integral parts of companies’ operations.

The surge in security breaches over the past few years alone demonstrates that criminals value and seek raw, personal and business data. Recent examples include the 9,000 Tesco Bank customers’ accounts breached in 2016, the Equifax breach of 145.5 million people’s data in 2017, and the theft of $81m from Bangladesh’s Central Bank accounts using the SWIFT network.

GDPR holds increasing relevance in today’s society as it is not just another financial or regulatory hurdle for firms to navigate. In an increasingly online world where data is an increasingly valuable commodity, protecting our personal information is crucial. Should businesses fail to comply with the regulations they could be exposed to some fairly hefty financial and reputational consequences.

Transparency and compliance will be crucial for those who want to avoid regulatory scrutiny, face a fine of up to 4% of their global revenues, or risk damaging their hard-won reputation.

As a piece of European legislation, GDPR sets the standard for data protection across all industries both within and outside the EU. Data protection for individuals within the EU, and with respect to the movement of their data outside of the European Economic Area, will be strengthened.

Whether your business is a local SME or a global enterprise, the consequences of noncompliance will be damaging. As recent events such as Cambridge Analytica scandal suggest, the stakes relating to the social, economic and political value of data have been raised for companies, individuals and governments across the world. Consequently, local GDPR regulators will take an active approach to adherence to the rules and spirit of the regulation.

The regulation states that breaches include, but are not limited to, misuse of data, such as when an individual’s data is used in marketing material where permission has not been given, or when appropriate security is lacking, leaving companies and individuals open to criminal activity.

How are firms preparing? Many recognise the necessity to develop appropriate governance, process and systems to enable them to comply with the GDPR on an ongoing basis. While IT departments work to upgrade and secure businesses’ tech systems, HR teams will need to instruct employees in the new requirements for compliance and to communicate it to clients.

Some firms have opted to hire dedicated Data Protection Officers, others have appointed people on a voluntary basis or hired external agencies. The extent to which firms are prepared for the incoming regulation depends on the company and its board accepting the importance of GDPR, from not only a compliance perspective but also from the perspective of the benefits that can arise from a well-considered change programme.

This process will require teams to understand and monitor everything from technology contracts to cloud-based software services. Indeed, a recent Deloitte survey showed that only one in ten global companies effectively monitor and identify data activity by their sub-contractors and, instead, rely upon third parties to examine fourth- and fifth-party activity.

It is important to note that all organisations will be held responsible for the use of data on their behalf and, consequently, it is imperative that they are organised and appreciate what and how the data they are responsible for is being used by others. The real significance of GDPR is where the regulations place responsibility for compliance.

These regulations stipulate that the onus of responsibilities lies with a board-level member of the company, and the need for evidence to demonstrate that a company has taken clear steps in its attempts to be compliant. Firms that fail to recognise and track the origin of their data may struggle to develop well-defined systems for GDPR.

The size of a firm is not always the defining factor in this issue – the amount of different systems in use and the ease of tracing data relating to an individual are what counts. There will be a need for firms to hold internal audits on the data they hold, to understand from where it originates and whether it should be corrected or changed, and this procedure noted for future reference within the firm.

It is also important that firms continue their efforts and do not cease implementing these standards after the May deadline has passed. In 2016, the UK Financial Conduct Authority revealed that the number of reported incidents of cybercrime within its jurisdiction had jumped to 75 for the year to date from five in 2014.

If the regulator’s fine is not enough to incentivise companies into action, the irreversible reputational damage to companies associated with data breaches shows that serious loss of trust and customer support may occur, which will take longer to rebuild than lost revenues. Firms have very little time to prepare for the introduction of GDPR, and it is important that those at the top of organisations recognise the significance of these regulations.

Implementing compliance may seem monotonous, but once the initial systems are in place, GDPR will make doing business safer and more in line with the social and political direction that technology is taking us in.

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. A weekly roundup of the latest news and analysis, sent every Thursday. The leasing industry's most comprehensive news and information delivered every month.
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy


Thank you for subscribing to Leasing Life