Now that GDPR is in force will this make our data safer…..
The volumes of data running through businesses in the UK is difficult to visualise and practically impossible to safeguard so will GDPR actually make any difference to our data being better protected? The chances are that it will be but the same inherent threats will still exist.
So what are these threats ?
1.Businesses that have not yet complied with GDPR
In the the run up to GDPR a number of reports indicated that many business were behind in achieving the required standards expected there is therefore a danger that firms are still very much behind the curve in meeting the GDPR standards.
2.Inability to restore data
In the event of a compromise of personal data it will be important that a businesses can restore data by having the appropriate back-ups in place if this is not possible this will impact on their business confidence and reputation.
3.Internal espionage
Rogue employees or a disgruntled member of staff might wish to cause disruption or make a point on a company wide issue. Morrisons were recently involved in a court case and found vicariously liable for the acts of an employee who gained access to the personal details of employees and released this into the public domain.
http://www.hrmagazine.co.uk/article-details/the-morrisons-data-breach-and-gdpr-compliance
4. Heightened cyber security threats
It is conceivable that there will a visible increase in cyber attacks on businesses as hackers will target firms for their data and exploiting vulnerabilities. Such threats as ransomware or a DDos attack where a hacker could hold a business to ransom by threatening to steal or disseminate data.
http://cyberbrokers.co.uk/will-ransomware-attacks-increase-under-gdpr/
5. Poor cyber risk management
A data controller with poor cyber risk management would be a prime target for a hacker. Basic cyber hygiene is vital with minimum standards of Cyber Essentials and preferably ISO27001 advanced cyber security processes in place.
6. The absence of an incident response plan
If a businesses is hit by a data breach it will need to react quickly to this, an incident response will assist with this . Business continuity and disaster recovery plans should also be in place so that the business can continue to operate.
Cyber Insurance can help….
This specialist form of insurance can provide valuable coverage in the event of a data breach and help mange the impact of this.
The main elements of coverage provided to protect data are as follows:-
- Privacy Liability
- Data notification costs
- Regulatory costs and expenses
- 24/7 Incident response services
There is no doubt that data will still be at risk with threats to its security emerging as technology and the incentives to use data for ill means increases.
Image : Shutterstock