GDPR & data security

Posted on Sep 24 2016 - 8:05am by John Peters
Only 4% of SMEs understand impact of GDPR

Most small and medium-sized businesses (SMEs) in the UK have either not heard of, or are uncertain about the impact of, the EU’s General Data Protection Regulation (GDPR), which was adopted in April 2016 and takes effect within two years.

In the latest Close Brothers quarterly survey of UK SME owners and senior management, 82% have either not heard of GDPR or don’t understand its impact; a further 14% say they will need to take further advice.

Only 4% of SMEs say they understand the legislation and are clear about the effect GDPR will have on their business.

McVicar, Managing Director of Close Brothers Technology Services, said: “GDPR is one of the most significant and anticipated pieces of legislation conceived in the EU in recent years. It is intended to strengthen and unify data protection for individuals within the EU. What these results demonstrate is that there is a clear lack of understanding at all levels and across all sectors.”

To help businesses prepare for GDPR, Close Brothers Technology Services is working with International Data Corporation (IDC) and developing a series of business guides on the subject.

Sean Callanan, Director of Technology Services, said: “Our focus will be on the areas where technology can help businesses prepare for GDPR, because much of the regulation is actually about process. However, some elements can only be enabled or managed through technology.” To get a copy of the first Close Brothers Technology Services IDC report, please contact Nick Moody, Director of Business Development at nick.moody@closebrothers.com.

www.closebrothers.com

Data Protection Officer shortage must be addressed

Seven thousand Data Protection Officers will be needed in the UK by May 2018 in order to comply with new EU data protection rules – regardless of Brexit, warn GO DPO and Henley Business School. GO DPO, the strategic partner for the Henley Data Protection Officer (DPO) Programme, estimates that around 7,000 large companies (employing in excess of 250 employees) will need to recruit and train at least one DPO each over the next 24 months. That equates to having to train around 14 DPOs every single working day between now and when the EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018.

Darren Verrian, CEO of GO DPO, said: “This headline figure of 7,000 DPOs isn’t a wild exaggeration; if anything, it is an under-estimate of the actual requirement, as many banks and insurance companies employ more than one senior manager to fulfil the requirements of a DPO whose role can involve handling millions of customer and client accounts.”

He added: “Our conservative calculations are based on figures published by the BIS at the end of last year and exclude 33,000 medium-sized companies that employ 50-249 employees, many of which will also need to appoint a DPO. Not all companies will want to employ an in-house DPO, but will opt for a third party-provided DPO managed service. However, these independent contractors will also need to be trained.”

Henley Business School has responded to demand for senior manager training by launching its own Executive Education DPO Programme.

Mike Davis, Head of Open Programmes at Henley Business School, said: “What the underlying figures for the recruitment and training of a DPO conceal is the vast amount of changes to data processing policies, processes and procedures that must be undertaken as a matter of urgency in order to protect business continuity in the face of one of the biggest shake-ups in data protection for over two decades.

“Our DPO Programme isn’t about simply training DPOs to be compliant with European data protection law but is designed to help senior compliance managers make the step up to the new breed of DPO required under the GDPR. It also opens the door for the private sector to train senior consultants to provide a high-quality DPO managed service that will become an industry in its own right over the next couple of years.”

The DPO Programme can be experienced free by registering for the ‘Getting Started’ interactive Module – just click on the green ‘sneak preview’ button on www.henley.ac.uk/dpo

The real question

Speaking about Brexit and the GDPR to an audience of over 200 senior managers from across the financial services sector, Alexander Brown, partner at Simmons & Simmons and head of the firm’s TMT sector group, said: “While there was stiff opposition to many measures contained in the EU General Data Protection Regulation during the negotiations with the UK Government, it’s highly unlikely that the Data Protection Act 1998 will remain in place without some form of reform. In any event, it will be difficult to avoid the implications of the GDPR for many financial services (FS) clients that conduct business across the EU and therefore will need to comply with it.”

He added: “The really interesting question – as yet to be decided – is whether the European Commission will recognise the UK as an ‘adequate country’ for the purposes of cross-border personal data transfers or whether the UK could suffer the same fate as the US where transfers of data have been made more problematic through the scrapping of the US Safe Harbor.”

According to the experts, the most likely outcome is that the EU will make a determination in favour of the UK as an ‘adequate country’ given it’s been at the forefront of providing legal protection for consumers with respect to personal data for over three decades. The UK was one of the first countries in the world to empower its Data Protection Authority to impose fines for personal data breaches.