Legal expert Dan Hyde, partner at Pennington Manches and the founder of CyberCounsel, explains why GDPR compliance is not something that can be ignored by British businesses, just because we’re leaving the EU.
The UK government launched its five-year National Cyber Security Strategy in November 2016, investing £1.9bn to protect UK businesses from cyber attacks and make the country the safest place to live and do business online.
It may seem overwhelming, but tackling the EU GDPR strategically and logically will make the task more manageable for businesses.
For the last 20 years, brands have followed consumers around the internet, surfacing spammy retargeting ads for products they already have. This kind of “personalisation” has been driven by the use of browser cookies and mobile IDs – and needs to end. Instead, all hail permission-based marketing.
The IPSA breach saw private and confidential details regarding MPs – including salaries, working patterns and holiday entitlements – exposed to the public. But it wasn’t a criminal conspiracy. It was an accident.
Whilst the GDPR will introduce significant changes to data protection legislation – completely overhauling the current legal framework – many bosses still haven’t given thought as to whether current processes comply with the new law.
Wonga has become the latest company in the data breach hotseat – and many have used the incident to talk about GDPR and cybersecurity.
Access to increasing levels of customer data has been a real game changer for businesses in recent years, but will it be possible to remain more personalised in an age of privacy?
Prior to the GDPR (General Data Protection Regulation), the EU Data Protection Directive made headlines in 1995 as the first official set of rules governing consumer privacy. But since then, we have become more connected than ever before.
This month, the Information Commissioner’s Office (ICO) fined TalkTalk for failing to adequately protect its customers’ personal data. The record-breaking £400,000 penalty followed a cyberattack of which the telecoms provider was the victim; however, the incident brought to light serious failings in its data practices.
The need for data protection and privacy to be a strategic pillar within every firm will be greater than ever with the arrival of GDPR – the General Data Protection Regulation – which will step up data security requirements. But GDPR does not have to be a threat for those that ask the right questions and make the right decisions.