

He highlighted that cyber security insurance was now available and developing, but, despite extensive media coverage, trying to get SME clients to understand that they are at risk of hacking and online scams was still a challenge for the industry. “It should be the perfect time for people to wake up to cyber crime, but they are not, and selling such insurance is still a hard sell.”


“This (GDPR) brings in another completely different dimension.”


Evans agreed with Wilson that SMEs would be slow to react to GDPR. “The big boys, however, will all get in straight away and do what is required.”


Clarke disagreed: “There is quite a mix within different sectors. There are those that already have dedicated DPOs who are forward thinking and are taking action, and others where it will be the end of the month before they wake up to it.”


In the consumer markets, retailers are generally not bad at reacting quickly, he added, but the professional services sector was traditionally slower. And, the GDPR raised a number of fresh crossover requirements between sectors and teams, such as monitoring and encryption, which would increasingly put pressure on cyber security teams within corporates.


a differentiating USP for those first to comply within a competitive supply chain and we are seeing some organisations seeing this as a business opportunity.


Kolah suggested that the GDPR might also raise risk profiles within companies, leading to higher premiums for certain insurance lines.


Wilson mentioned that the new Insurance Act being introduced on August 12 will require ‘a fair representation of risk’ from an insured company. This risk assessment would involve more collection of relevant information by insurance advisers from senior management, third-party suppliers etc “... and frankly businesses are not ready for this.


“The big blue-chips may have risk managers employed to do this, but the average Thames Valley family engineering business, for example, will have to rely on their FD or owner.


“We’ve just had auto-enrolment of pensions, and most SMEs didn’t have a clue at first. This will be the same, and people will only take notice when the fines start to get handed out.”


Brett: “Compliance with a new regime is often hit and miss at first. Businesses will want to see how seriously the regulators are taking breaches, it was the same with health and safety legislation when it was first introduced. People started to pay attention to it when businesses began to be prosecuted for breaching it.”


Wilson felt that individual consumers might be a catalyst to GDPR compliance – “If they choose to act when their personal data or privacy has been breached” – but he agreed that the regulators would tackle compliance top-down, by making well-publicised examples of major infringing companies.


Nigel Stratford-Way


Clarke also pointed out that although resources might be at hand, the size of an organisation was not always a bonus.


Although introducing simplistic legislation was easier in large organisations, he noted: “Given how big and unwieldy these beasts (eg large corporates, employing a number of third parties to deliver their business capabilities) have become through organic evolution and growth, it is actually very challenging to implement such changes quickly across an ‘extended enterprise’, especially in the IT space. With smaller organisations that ability to observe, orientate, decide and act to change, and see the opportunities in amending an operating model, is more straightforward.


GDPR inspired change could end up being

THE BUSINESS MAGAZINE – THAMES VALLEY – JUNE 2016


Evans agreed that some quick enforcement action would stop people ‘hiding their heads in the sand’ and produce the necessary cultural shift to prompt GDPR compliance.


Data loss, compliance breaches and spring-cleaning


“So, what happens if someone gets hacked?” asked Morrin.


Clarke of KPMG cyber security suggested that asking a cloud provider to explain the security measures within its background hosting structure would go a long way to providing an increased level of confidence for any business user – greater due diligence.


“However, if they were hacked, they might lose their good name, but under the current Data Protection Act legislation they are doing what their clients ask


Ardi Kolah


Hickley added that the GDPR had introduced a mandatory 72-hour reporting deadline for any breach or loss of personal data. Significantly, the GDPR would also crack down heavily in terms of any fines incurred, on those companies who have over-collected and retained personal information by “shovelling in data, that they’ll never use”.


While recommending an immediate ‘spring-clean’ and deletion of non-essential data held within companies, Hickley emphasised: “You should only collect data for which you have an end use, not because you might need it. Otherwise, you will get crucified.”


Davis summed up the discussion: “If organisations have clearly started to put steps in place to eradicate any non-compliance, breaches or hacks, then there is the opportunity for regulators to be more lenient on them should any occur. But, the message is plainly: understand the GDPR better, look at training and development opportunities, but get onboard with it now.”


If you’d like to learn more about data protection and privacy laws as they impact business continuity and what you should do now in the current transition period to full GDPR, check out the details of the DPO Programme or alternatively contact Gemma Jones, business development manager, Henley Business School on 07971-505247 or email gemma.jones@henley.ac.uk.




of them, acting as the data processor – within the terms and conditions everyone knowingly signed up to.” That legislative backstop might be changing under the GDPR, he suggested.

