Day by day, we are seeing more and more articles related to GDPR and the impact on a business if you get hacked.
One of the biggest issues, I feel, is that no matter how many precautions you put in place to secure your business from hacking, there will always be new vulnerabilities, and hackers will become more and more innovative at breaking through security measures.
Where does it all end? At what point are your business and data safe? There are so many different standards to adhere to: PCI DSS, GDPR, ISO27001, ISO9001, and these can be just the start.
Most vulnerabilities come from the browser or the OS; see the recent breaches within the NHS, for example:
The cost to improve the NHS IT systems to prevent this attack from happening again was £5.5 million. This was merely the cost for patching. In order for all of the latest vulnerabilities to be patched, they would need to be fully up to date, a cost which could reach 10 times that, due to legacy equipment and systems being used in key areas that are not compatible with upgrades.
Even once the equipment is up to date, a business is not guaranteed protection.
At what point will the cost to a business become more than the cost of the fine? Will businesses start investing less in security because the expense just isn’t worth it?
The new General Data Protection Regulation (GDPR) will encourage businesses to improve their overall data handling and security, but adhering doesn’t promise complete protection. That requires smart employees, savvy systems, and a large security budget.
This also brings up another issue when it comes to UK businesses. GDPR is an EU regulation, so whilst UK businesses may not have to adhere to it for UK-to-UK business post-Brexit, you are affected if you do business with any EU entity.
This probably means the cost of doing business with the EU is going to rise from late 2018.
There are plans in place to implement a UK-GDPR too, so don’t hold back on securing your organisation just yet.
How will GDPR affect you? Are you ready? Should there be financial incentives for adhering, as opposed to penalties? Add your comment below.