The deadline for the General Data Protection Regulation (GDPR) has arrived. The regulations may seem burdensome, but the level of data protection and security is unprecedented and something we all will be glad to see implemented, writes Jon Szehofner, partner at GD Financial Markets

As issues of ownership and control of business and personal data increase in prominence, cybersecurity and technology resilience have become integral parts of companies’ operations.

The surge in security breaches over the past few years alone demonstrates that criminals value and seek raw, personal and business data. Recent examples include the 9,000 Tesco Bank customers’ accounts breached in 2016, the Equifax breach of 145.5 million people’s data in 2017, and the theft of $81m from Bangladesh’s Central Bank accounts using the SWIFT network.

GDPR holds increasing relevance in today’s society as it is not just another financial or regulatory hurdle for firms to navigate. In an increasingly online world where data is an increasingly valuable commodity, protecting our personal information is crucial. Should businesses fail to comply with the regulations they could be exposed to some fairly hefty financial and reputational consequences.

Transparency and compliance will be crucial for those who want to avoid regulatory scrutiny, face a fine of up to 4% of their global revenues, or risk damaging their hard-won reputation.

As a piece of European legislation, GDPR sets the standard for data protection across all industries both within and outside the EU. Data protection for individuals within the EU, and with respect to the movement of their data outside of the European Economic Area, will be strengthened.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Leasing Life.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Whether your business is a local SME or a global enterprise, the consequences of noncompliance will be damaging. As recent events such as Cambridge Analytica scandal suggest, the stakes relating to the social, economic and political value of data have been raised for companies, individuals and governments across the world. Consequently, local GDPR regulators will take an active approach to adherence to the rules and spirit of the regulation.

The regulation states that breaches include, but are not limited to, misuse of data, such as when an individual’s data is used in marketing material where permission has not been given, or when appropriate security is lacking, leaving companies and individuals open to criminal activity.

How are firms preparing? Many recognise the necessity to develop appropriate governance, process and systems to enable them to comply with the GDPR on an ongoing basis. While IT departments work to upgrade and secure businesses’ tech systems, HR teams will need to instruct employees in the new requirements for compliance and to communicate it to clients.

Some firms have opted to hire dedicated Data Protection Officers, others have appointed people on a voluntary basis or hired external agencies. The extent to which firms are prepared for the incoming regulation depends on the company and its board accepting the importance of GDPR, from not only a compliance perspective but also from the perspective of the benefits that can arise from a well-considered change programme.

This process will require teams to understand and monitor everything from technology contracts to cloud-based software services. Indeed, a recent Deloitte survey showed that only one in ten global companies effectively monitor and identify data activity by their sub-contractors and, instead, rely upon third parties to examine fourth- and fifth-party activity.

It is important to note that all organisations will be held responsible for the use of data on their behalf and, consequently, it is imperative that they are organised and appreciate what and how the data they are responsible for is being used by others. The real significance of GDPR is where the regulations place responsibility for compliance.

These regulations stipulate that the onus of responsibilities lies with a board-level member of the company, and the need for evidence to demonstrate that a company has taken clear steps in its attempts to be compliant. Firms that fail to recognise and track the origin of their data may struggle to develop well-defined systems for GDPR.

The size of a firm is not always the defining factor in this issue – the amount of different systems in use and the ease of tracing data relating to an individual are what counts. There will be a need for firms to hold internal audits on the data they hold, to understand from where it originates and whether it should be corrected or changed, and this procedure noted for future reference within the firm.

It is also important that firms continue their efforts and do not cease implementing these standards after the May deadline has passed. In 2016, the UK Financial Conduct Authority revealed that the number of reported incidents of cybercrime within its jurisdiction had jumped to 75 for the year to date from five in 2014.

If the regulator’s fine is not enough to incentivise companies into action, the irreversible reputational damage to companies associated with data breaches shows that serious loss of trust and customer support may occur, which will take longer to rebuild than lost revenues. Firms have very little time to prepare for the introduction of GDPR, and it is important that those at the top of organisations recognise the significance of these regulations.

Implementing compliance may seem monotonous, but once the initial systems are in place, GDPR will make doing business safer and more in line with the social and political direction that technology is taking us in.