Latest News

Money laundering is a dirty business

09 November 2018

Criminals employ a range of techniques to clean their “dirty money”, with the scale of money laundering having a devastating impact, so it's important that you understand how to check for the warning signs of financial crime – and what to do if you suspect criminal activity. Read More...

Concern raised over Scotland's proposed land register

08 November 2018

Much of Scotland’s land will remain outside the proposed Register of Controlled Interests in Land, according to a draft report by the Environment, Climate Change and Land Reform Committee. Read More...

Get up to Speed on the GDPR

Wednesday 15 February 2017

New EU data protection laws will apply from 25 May 2018 which will have a dramatic impact on your business and the way you hold customer information.

The new GDPR regulations build on the UK Data Protection legislation and is designed to strengthen data protection for individuals within the European Union, and give those people the ‘right to be forgotten’.

In May 2018, the General Data Protection Regulation (GDPR) will become law, but it will take some months to get UK businesses ready for it. Most business bosses in the UK are unaware of this new regulation, don’t understand it, or are unaware of the consequences of non-compliance. But that will be no excuse if you suffer a loss of data.

What you need to know

If your business loses data, has been negligent or suffered a service attack, malicious or internal hack that puts people’s rights at risk, it must notify a data protection authority (the Information Commissioner’s Office) and the people that are affected within 72 hours of becoming aware of it. Should this 72-hour deadline not be met, your business could be fined up to €10m, or 2 per cent of global annual turnover, whichever is greater. A two-tiered sanction could lead to fines of up to €20m, or 4 per cent of global annual turnover, whichever is greater, for breaches which have been deemed to be most important.

Despite Brexit, businesses that hold any piece of information about any EU citizen, or do business in the EU, will be impacted by GDPR. It is enforceable regulation that is applicable to every UK business regardless of size or market.

Whilst we can assume outsourced services such as hosting companies and 3rd party software providers will be doing all they can to comply, it is important to undertake due diligence to ensure that they are.

So what do you need to do?

Make sure you are aware of the risks to your organisation and that your legal requirements are understood. You will need to identify where your data is stored (hosted servers, cloud solutions, paper records) and be aware of what type of data is being held.

Planning for data breaches by having a clear actionable process in which to identify who or what is accountable is advised. You may need to show that you have adequate cyber security in place and that compliance is monitored.

Review your policies, procedures and mechanisms for gathering, using, sharing and protecting personal data. By beginning to implement data protection policies and solutions now, your company will be in a much better position to achieve GDPR compliance when it takes effect. 

This is the biggest change to Data Protection in almost 20 years, since the introduction of the UK Data Protection Act. Whilst May 2018 may seem a long way off, when you consider the amount of preparation to be done, it is not.

The sooner you look at and address the issue, the more chance you have of avoiding the severe risks within your organisation.