The introduction of the General Data Protection Regulation (GDPR) in May 2018 has transformed the way companies store and use personal information. But it also caused problems for many businesses who struggled to make sure they were compliant. Research from Deloitte found that, even 6 months after its introduction, organisations were still "grappling with the implementation" of GDPR.
It certainly wasn't an easy undertaking. According to the FSB, the average cost of GDPR compliance to UK small businesses was around £1,030. But with that came a step change in how companies are using technology, adapting their processes and structures to make sure that data was, and is, handled in a compliant way.
Taking cyber security seriously
One significant change has been the way in which cyber security is being taken more seriously. If the subject was once the domain of IT managers, GDPR elevated it to board level. This is mainly because failing to protect data puts a business at risk of incurring huge fines, on top of the reputational damage a breach can cause.
Here, GDPR seems to be having an impact. Data released by the government found that the number of businesses experiencing cyber breaches or attacks fell by a third in the year to April 2019. This is a testament to the investment in information security solutions – whether it's for your office network, the use of cloud services or remote software services such as SSG Insight's Agility Mobile Solutions.
Improved data management
Though not an easy task at the time, businesses that carried out a complete audit of the data they held as part of their GDPR compliance efforts also found there were opportunities. Redundant data that had accumulated could be erased, reducing the costs of data storage and processing and also getting rid of data that posed a high risk while offering only nominal business value.
Not only have businesses been able to improve their data management capacity by getting rid of the "clutter", but the exercise has also allowed them to restructure and reorganise their data. This enables businesses to better understand their customers, and it means data is easily accessible should a request be made, whether to delete data under the right to be forgotten or a Subject Access Request.
Encryption and passwords
While password policies aren't specifically referenced by GDPR, companies have introduced these as a means of protecting data. Some require employees to periodically reset passwords to avoid hacks. For other businesses, encrypted password manager/vault applications reduce the security risk further.
It used to be that SSL certification and HTTPS encryption were an option for businesses that sought to show an extra layer of trust when personal data was submitted through their website. Now, they neatly align with GDPR compliance where the transmission of personally identifiable information is concerned.
If GDPR is still causing your business headaches, these animated GDPR GIFs might help. But being compliant isn't a matter of getting to a certain point and stopping. Remaining compliant and evolving your business practices from a technological perspective will be an ongoing process.
Copyright © 2019 Article was made possible by site supporter Victoria Harrison