GDPR: How businesses have adapted their technology

By: Victoria Harrison

Date: 16 April 2019

Blue sky behind a warning sign saying 'Restricted area. Authorised personnel only'The introduction of the General Data Protection Regulation (GDPR) in May 2018 has transformed the way companies store and use personal information. But it also caused problems for many businesses who struggled to make sure they were compliant. Research from Deloitte found that, even 6 months after its introduction, organisations were still "grappling with the implementation" of GDPR.

It certainly wasn't an easy undertaking. The average cost of GDPR-compliance to UK small businesses was found to be around £1,030 according to the FSB. But, with that, came a step change in how companies are using technology; adapting their processes and structures to make sure that data was and is handled in a compliant way.

Taking cyber security seriously

One significant change has been the way in which cyber security is being taken more seriously. If the subject was once the domain of IT managers, GDPR elevated it to board level. This is mainly because the consequences of not protecting data puts a business at risk of incurring huge fines, on top of the reputational damage a breach can cause.

Here, GDPR seems to be having an impact. Data released by the government found that the number of businesses experiencing cyber breaches or attacks fell by a third in the year to April 2019. This is a testament to the investment in information security solutions – whether it's for your office network, the use of cloud services or remote software services such as SSG Insight's Agility Mobile Solutions.

Improved data management

Though not an easy task at the time, businesses who carried out a complete audit of the data held as part of their GDPR compliance efforts also found there were opportunities. Redundant data that had accumulated could be erased – reducing costs spent on data storage and processing, but also getting rid of data that could pose a high risk with nominal business value.

Not only have businesses been able to improve their data management capacity by getting rid of the "clutter", it has allowed for the restructure and reorganisation of data. This not only has a benefit of enabling businesses to better understand their customers, but means data is easily accessible should a request be made to either delete data under the right to be forgotten or a Subject Access Request.

Encryption and passwords

While password policies aren't specifically referenced by GDPR, companies have introduced these as a means of protecting data. Some require employees to periodically reset passwords to avoid hacks. For other businesses, encrypted password manager/vault applications reduce the security risk further.

HTTPS

It used to be that SSL certification and HTTPS encryption was an option for businesses who sought to show an extra layer of trust if personal data is submitted through their website. Now, it neatly aligns with GDPR compliance where the transmission of personal identifiable information is concerned.

Cookies

For any website user, cookie consent became much more noticeable following the launch of GDPR. If a business uses cookies on its website for any purpose (typically for analytics or marketing), the explicit consent of the user is needed as cookies can technically identify you from your activities.

If GDPR is still causing your business headaches, these animated GDPR GIFs might help. But being compliant isn't a matter of getting to a certain point and stopping. Remaining compliant and evolving your business practices from a technological perspective will be an ongoing process.

Copyright © 2019 Article was made possible by site supporter Victoria Harrison

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.