What is GDPR?
A lot of you may have heard the term GDPR lately and, it being an acronym, simply tuned out and continued with the more important things at work. For those who were inquisitive and wanted to know what it stands for, you would have found out that GDPR stands for General Data Protection Regulation.
Okay, “that’s interesting”, perhaps you thought, and upon further reading you would have discovered that it’s a privacy law being enforced by the EU and the UK from May 25th, 2018. At this point, my guess is that most of you moved on after finding this little titbit “boring”, thinking that it won’t apply to us in Australia or outside the EU.
What’s the penalty for failing to comply?
The reality is that the GDPR replaces a series of national privacy statutes, combining them into one piece of legislation that regulates privacy across the 28 countries of the EU. This “legislation” or “law” carries a series of penalties for failing to comply, which can be as high as €20M or 4% of the company’s global turnover, whichever is greater! Yowch! That could severely impact a company’s profitability.
Will it affect me if living outside the EU?
Inside this nifty piece of legislation is a device that permits the EU to enforce its legal reach outside of the EU. Hopefully by now I have your attention! No, this device is not the Terminator or Arnie! This device is simply a binding provision that means you do not need to have any physical or legal presence in the EU to be directly regulated.
What this means is that if you offer your goods or services to people in the EU, you will be required to comply with the GDPR. So, if you are a bricks-and-mortar retailer selling Vegemite to Doug in the UK or an online store selling iPhone cases to Mario in Italy, you will need to comply. And it’s not just physical goods: if you’re an entrepreneur selling an e-book to Jean Claude in Belgium, you will also need to comply.
Will my business need to be accountable?
Elizabeth Denham delivered this speech at a lecture for the Institute of Chartered Accountants in England and Wales in London on January 17. She discussed the role of accountability in the GDPR, noting: “We’re all going to have to change how we think about data protection.
“But arguably the biggest change is around accountability.
“The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box-ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation.”
So where is your business?
Whether you are selling to the EU or not, you need to make sure your business complies. Government authorities around the globe are implementing similar legislation to ensure consumers are protected. For example, Australia amended its Privacy Act to include the Notifiable Data Breaches Scheme, which introduces an “obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.”
What do I need to do?
There are many elements of your business that you will need to address, and your business will need to take steps to secure certain categories of personal information.
Paisley can play an important role in helping you achieve standards compliance and maintain the integrity of your IT infrastructure. Figuring out how to comply doesn’t have to be complex and expensive. We’re already familiar with the standards and our complete managed services model enables us to quickly identify any areas of your IT network that are not yet up to standard.
Security Vulnerability Assessment
To assess your current level of compliance, we are offering businesses, for a limited time, a free vulnerability site scan. We’ll conduct a non-intrusive network scan that focuses on seven key areas so that we can establish a baseline for making improvements. These seven areas (known as SAS70) have been defined by the American Institute of Certified Public Accountants.
The Security Vulnerability Assessment analyses various aspects of security, such as your password management policy, the status of your antivirus software, and your patch management, and aggregates the results into a vulnerability score for the site. We will present the issues that contributed to the score and what you can do to improve the site’s score.
If you would like to book a free security vulnerability assessment, please call 1300 326 748 or visit our website to book online. This security vulnerability assessment is free for a limited time, so be quick to secure your time. https://paisleyaustralia.com.au/vulnerability-site-assessment/