Businesses across Europe are busy making sure they are GDPR compliant ahead of its looming deadline of May 25th. The fast-approaching legislation will give consumers more control over how their personal data is being used and significantly increases the pressure on businesses to protect and secure customer information.
Those who don’t comply will face huge financial penalties and are likely to be held publicly accountable for any misuse of customer data, potentially resulting in reputational damage and a loss of customers.
Despite its implementation being weeks away, many companies are still trying to get their plans together in order to ensure their customer data is protected. Indeed, the Federation of Small Businesses (FSB) estimates[i] that just 8% of small businesses in the UK have completed their GDPR preparations, while 34% are aware of the regulation but don’t understand its requirements.
With just 5% of EU companies[ii] believing they are compliant with all applicable requirements, there is a very real danger that businesses will be left behind as the GDPR clock continues to tick down.
So, what paint points are businesses facing and how can they have peace of mind that it’s not too late to make sure they comply with the legislation?
Storage handling
As GDPR puts strict requirements on how personally identifiable information is managed, one of the key aspects of ensuring compliance is being able to link all devices. This includes managing different data flows from backend legacy systems to mobile and IoT devices and keeping data clean.
Companies are being faced with the dilemma of whether to upgrade their legacy software systems, or completely overhaul their infrastructure and start again to meet the legislation’s requirements.
An appropriate Enterprise Mobility Management (EMM) system can help in this area by ensuring that all the data on each managed device is properly encrypted, as well as blocking unauthorised access to corporate services and enforcing appropriate data loss prevention (DLP) policies. Not only will this minimise the workload for IT teams, it will also reduce the pressure on end users who are now largely reliant on the use of mobile devices.
Repercussions for breaches
Besides facing large fines, companies should brace themselves for extensive reports and a possible freeze in the production or use of systems for breaking legislation.
Depending on the severity of the claim, time-poor companies will have to spend a large amount of time – and resources – on producing testing and validation reports, which can have a massive impact on production. EMM solutions again have a role to play here by collecting the appropriate inventory, usage, and audit logs to support a quick-response process for a breach and providing demonstrable adherence to compliance requirements.
There is also the potential for public backlash following a breach. The Information Commissioner’s Office (ICO) – responsible for enforcing GDPR in the UK – has already shown that it is not afraid to name and shame non-compliant companies, which could have a substantial impact on a firm’s reputation as consumers continue to pay more attention to how their personal information is being handled.
The combination of these factors means businesses have a lot more to fear than just a one-off financial hit and need to be prepared to deal with both the long-term and the short-term consequences of any gaps in compliance.
Building trust
Although the potential negative consequences of GDPR dominate the majority of headlines, the legislation does also have some benefits. One of the most notable is the fact companies can earn trust with both current and perspective customers by being transparent and clearly highlighting that they are compliant with the requirements.
One of the biggest issues around data protection is that consumers simply don’t know how their data is being used, who has access to it, or how well it is being protected. This can quickly lead to distrust among customer bases and tempt individuals into spending their hard-earned cash with competitors.
But, by being as open as possible with their customers, businesses can provide valuable peace of mind that any data they collect is taken care of securely, and removed from devices once any of the required actions are performed.
Even if a breach does take place, being honest and transparent with the public will go a long way towards maintaining customer loyalty.
Time for certification
A lot has been made of the punishments associated with GPDR, but this discussion should also go the other way. If companies obey the rules and comply with regulations, they should be rewarded with a certification to recognise their efforts.
This badge of honour could play a huge part in identifying who is trustworthy when it comes to handling data, and be the key distinguisher between a compliant and non-compliant business.
Indeed, firms can use this as a competitive advantage and differentiate themselves from their competitors, which could become hugely valuable as the focus on data protection continues to increase.
Ultimately, no business wants to get left behind as the GDPR deadline looms, meaning they need to act now to ensure that everything is in place by May 25th. A powerful and scalable EMM solution can help alleviate the pressure by solving many of the data security and management issues that organisations are currently facing.
Not only will this empower businesses to build trust with consumers, it will also reduce the threat of costly compliance breaches and turn GDPR into an opportunity, rather than a threat.
[su_box title=”About Richard Smith” style=”noise” box_color=”#336588″][short_info id=’104770′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.