Here at Kind Consultancy, the Governance, Risk & Compliance team has a successful track record in helping our clients prepare for specific regulatory changes, most recently helping clients across financial services and banking with the Senior Managers Regime (SMR) and MiFID II. We're now working together across the GRC and Information Security teams on our first joint project: GDPR. It's a major change to data protection law, and failing to comply with it comes with heavy fines, yet some people I speak to admit their organisation isn't ready for it, and some are still very unclear on what exactly it is.
GDPR is the Europe-wide General Data Protection Regulation. It applies in the UK from 25 May 2018 and represents the biggest change to data handling rules since the Data Protection Act 1998. The biggest differences include an expanded territorial scope (it applies to any organisation processing the personal data of people in the EU, wherever that organisation is based), stronger conditions for obtaining valid consent, a requirement to appoint a named Data Protection Officer for public authorities and for organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data, and a much greater risk to non-compliant companies: fines of up to €20 million or 4% of an organisation's annual worldwide turnover, whichever is higher, for the most serious infringements, with a lower tier of €10 million or 2% for others.
While that sounds dramatic, we've seen harsh penalties for non-compliance with previous regulatory changes, and at present many companies are still not ready for the 25 May 2018 deadline. The UK government has indicated that GDPR will apply in the UK regardless of what happens with Brexit, so there's no getting around it. The deadline may seem a long way off, but you need to take into account the total timeframe: from an initial audit of existing policies, procedures and frameworks around personal data (what you hold, where it came from, on what lawful basis you process it and who you share it with), all the way through to implementing changes and reaching a business-as-usual state across your entire company that will satisfy the regulator.
If your organisation is in need of a specialist to implement and embed the changes necessary for GDPR, we’re confident that our pre-qualified talent pool and extensive industry reach uniquely position us to help you find the people your organisation needs – and if you’re not yet sure of your specific requirements, we can help you to map them out. Whether this is an opportunity for a permanent addition to your information security staff, or you want to bring in an interim professional on a contract to work specifically on GDPR readiness and transformation, contact me for a confidential discussion about your needs on firstname.lastname@example.org or 0121 643 2100.