It is debatable that GDPR is a topic which has quickly been forgotten about. Expert Thorsten Kurpjuhn, European Market Development Manager at Zyxel, reminds readers of the necessity of being GDPR-compliant and avoiding hefty fines.
We are one year after the implementation of the General Data Protection Regulation (GDPR) and it feels like silence has fallen over the topic. This time last year, businesses and consultants were frantically trying to ready themselves for the big day and not much has happened since. We are yet to see just how exactly the legislation will be enforced but, in the meantime, it seems that we have turned a blind eye to the issue.
This is, however, a risky game. GDPR requires businesses to do all they can to ensure data security. Yet what we have seen so far was a flood of opt-in emails, suggesting that businesses have so far only scratched the surface of what the legislation is asking them to do. The focus has primarily been on how data is obtained, rather than how it is managed and businesses have paid little attention to how securely it is stored.
The simple truth is that if businesses have outdated network security, they run the risk of a serious cyberattack, resulting in a breach of both data by malicious third parties and GDPR compliance. However, there isn’t a network in the world that is completely safe and unbreachable. As technology develops, it is increasingly hard for IT teams to keep up and near-impossible for a basic firewall to identify all of the malware it encounters.
But this is no reason for businesses to stop trying to protect their networks and consequently, their customer data. We have already seen the first small fines issued for GDPR violation, for example the Austrian DPA imposed a €4,800 fine for illegal video surveillance activities, and a €400,000 fine was imposed in Portugal on a hospital after staff members illicitly accessed patient data. I expect these fines will bring the topic back to the centre of attention.
Strengthening networks to protect data must be a priority for a business of any size. This is because even those who are handling data in a compliant way, but are using an insecure network, are vulnerable to big-ticket fines that can bring their business to an end.
Small and medium-sized businesses are particularly at risk, given that they still tend to rely on domestic routers, rather than secure firewalls. GDPR-compliant protocols may mean that while data is now largely anonymised, businesses will still have current and sensitive data on the system, even if that is only their clients’ names and contact details. Moving such data across an insecure network increases the threat of a breach.
It is obvious there is still a lot of work businesses need to do in order to avoid GDPR-related problems in the future. With high financial penalties and reputational damage at stake, GDPR’s impact will keep growing in 2019, but businesses still have time if they act now.