A full analysis of the budget and its consequences will be posted on December 5th

Cyber Security and GDPR

So what is GDPR; well for a start it’s an acronym which stands for the General Data Protection Regulation, which is a piece of legislation being brought in by the EU w.e.f 25th May 2018.

When the EU GDPR comes into effect next year, it will set a new higher bar for security, privacy rights and compliance. It will apply to all organisations in the EU, including the UK government, who have already confirmed that GDPR will remain the UK data protection standard indefinitely following Brexit).

Keeping your clients’/customers’ information safe and secure is now one of the top priorities for all businesses except for the very smallest firms and all industries are at risk. In 2016 it was reported that there was a 22% increase in cyber-crime and it is increasing exponentially.

In fact, new research from leading market analysts, Juniper Research, showed that on current trends cyber-crime will cost businesses over $2trillion by 2019. The proof is out there on the ICO’s website and in the media: the NHS, TalkTalk and Netflix; all household names, have all fallen victim.

(The ICO or to give its full name, the Information Commissioner’s Office, is the UK’s independent authority set up to uphold information rights in the public interest).

    From a personal perspective, the new regulation will ensure:

  • Individuals’ control over all their personal data
  • Extra security and controls to protect data

And from a business perspective, it means more accountability of what we do with other people’s data, how we use it, interact with it and store it.

What are the penalties for non-compliance?

To ensure these updated regulations are taken seriously, penalties of up to £20million or 4% of a business’s annual turnover (whichever is higher) for non-compliance are being currently considered as the potential punishment at the discretion of the Elizabeth Denham, information commissioner for the ICO.

Ms Denham was named one of the most influential people in data driven business in 2017, and with those kinds of penalties in her back pocket, you can understand why. However, the Commissioner has stated that there has been a great deal of myths and misinformation in the media regarding GDPR, including one highly reputable news channel reporting fines of up to one billion pounds.

Ms Denham has made it clear that any fines under GDPR will only be applied when absolutely necessary; they will be proportionate to the offence and will only be applied as a last resort.

Which Business’s will be affected by GDPR?

As the new regulation comes into effect, organisations that obtain any data will be impacted – so pretty much everyone. In a recent survey, many firms agree that despite handling vast amounts of sensitive data daily as there is so much else going on, they perhaps do not think about the back-end system that is holding this data as much as they should, or even the process of how this data moves around and out of the business.

A lot of businesses, from multi-nationals to small high street retailers, are heavily reliant on their current systems having secure measures in place, but don’t know for sure whether they are running to a standard ready for 2018 or if their security measures are woefully out of date.

Another major consideration is firms using older, custom-built systems or applications running on old servers. Are they really fit for purpose? and I’m not just talking about GDPR, but also other aspects of cyber security threats to their businesses, such as phishing and hacking.

Is GDPR why You have to make changes?

Partly, but data security and cybercrime isn’t the only element that needs to be considered. Internal operations, PAYE and employee records for example also need to be covered. Royal & Sun Alliance Insurance was fined £150,000 in January 2017 for the theft of a hard drive, while many other companies in the finance sector have received six figure fines in the last two years for marketing activity that breaches the current data laws. As these laws become more stringent, the responsibility is on everyone, from communication with the public, to how staff manage the information they are exposed to.

Some of you may be thinking; surely, GDPR is just an updated version of the current Data Protection Act and if this is the case, then my firm doesn’t need to be making any changes? The first thing to understand here is the importance of why these changes have come about, and why they are happening now. Data has and is increasingly becoming a much higher class asset for firms worldwide and pervades almost everything we do.

What do You need to do to Comply with GDPR?

For a start you need to begin reviewing your privacy, data governance policies and procedures now, as well as your computer system and security software. Other steps in the right direction to compliance could include:

  1. Identify the data you hold on your clients, which could include things such as their contact details or their business bank account information
  2. Ask yourself: ‘Do I need to be holding this data? What am I using it for?’
  3. If any client data is passed on to third parties, such as an advertising agency, check whether their systems are robust enough, as it’ll be you in trouble if they’re not!
  4. Check your cyber protection methods and ensure you or your third-party providers have taken precautions such as installing encryption software on all laptops, PCs and electronic devices you and your staff use. Is all patching up to date on servers you hold on or off site?
  5. Appoint a data protection officer, or if you’re a small firm, do it yourself

By using the above as a starting point, you will be able to work out what steps you’ll need to take to be compliant, but don’t wait until the last minute to make changes. Elizabeth Denham certainly won’t be making excuses for anyone come May 2018.

Finally, if you’re a micro-business, such as a one man or woman firm, you make be tempted to think that GDPR doesn’t applies to you, but yes it does if you store any data on customers digitally.

Image of David Jones Shrewsbury Accountant and Founder of Morgan Jones

If you would like more detailed information on some aspect of UK Tax, send me an e-mail and I’ll be pleased to advise further.

[facebook]
[retweet]

Facebook
Twitter
Email
Print
Picture of David Jones
David Jones

MJ & Co support businesses at every stage​

MJ&Co offer a free initial consultation and out of hours appointments, including Saturday morning opening, making it easier to call in to see us out of normal working hours.

We provide expert advice for all size businesses.

Have questions or need expert advice? Our team at MJ & Co Accountants is ready to assist.

Whether it’s a query about our services, a specific accounting challenge, or a request for a consultation, we’re here to offer personalised support.

professional accountants in Shrewsbury MJ & Co Accountants
 

Log In to Your Employer Portal

Efficiently manage your payroll, HR documentation, and employee communications through our secure employer portal, designed specifically for business administrators and HR professionals.
Why Use Our Employer Portal

Manage all employee details, payroll data, and HR documents from one centralised platform. This integration simplifies administration and reduces the risk of errors.

Protect sensitive employee information with advanced security protocols designed to comply with data protection regulations and ensure confidentiality.

Update your information, request appointments, and communicate with your accountant directly from the portal. It simplifies routine tasks, saving you time and effort.

Stay informed with real-time notifications on changes to employment laws, upcoming compliance deadlines, and HR best practices.

Directly communicate with your employees through the portal. Send updates, gather feedback, and manage HR inquiries efficiently, enhancing employee engagement.

 

Log In to Your Employer Portal

Efficiently manage your payroll, HR documentation, and employee communications through our secure employer portal, designed specifically for business administrators and HR professionals.
Why Use Our Employer Portal

Manage all employee details, payroll data, and HR documents from one centralised platform. This integration simplifies administration and reduces the risk of errors.

Protect sensitive employee information with advanced security protocols designed to comply with data protection regulations and ensure confidentiality.

Update your information, request appointments, and communicate with your accountant directly from the portal. It simplifies routine tasks, saving you time and effort.

Stay informed with real-time notifications on changes to employment laws, upcoming compliance deadlines, and HR best practices.

Directly communicate with your employees through the portal. Send updates, gather feedback, and manage HR inquiries efficiently, enhancing employee engagement.

Log In To Your Client Portal

Easily manage your accounts with MJ & Co Accountants. Our client portal offers secure and immediate access to all of your financial documents and resources, essential for efficient account management.

Why Choose

View and download your financial documents anytime, anywhere. Stay up-to-date with your financial status without waiting for postal mails or office visits.

Your data's security is our top priority. Our portal uses state-of-the-art encryption to ensure your financial information is protected from unauthorised access.

Update your information, request appointments, and communicate with your accountant directly from the portal. It simplifies routine tasks, saving you time and effort.

Receive instant updates and notifications regarding your account status, upcoming deadlines, and important tax changes directly through the portal.

Upload necessary documents and receive completed files directly through the portal. This feature simplifies record keeping, essential for tax preparation and financial planning.