

May 25. “It will be mandatory to give breach notification within 72 hours,” said Richmond-Coggan. “You have to do this even if the breach is unlikely to harm data subjects. You don’t want to still be developing your strategy when a breach occurs – you need to have a tried and tested response plan, so you can show to the Information Commissioner’s Office (ICO) what effect the breach had, and demonstrate that staff have been adequately trained.”


More breaches are likely to be highlighted as companies become more switched on to GDPR’s definition of a notifiable breach. “We could see the ICO becoming concerned if they don’t receive notifications from companies, as that might imply they aren’t monitoring and reporting properly. Businesses should set up an internal system to triage breaches – work out how serious it is, and what you need to do,” added Richmond-Coggan.


Bunker: “A breach is one side of GDPR – you can also be fined for non-compliance. Focusing only on an attack and data loss could be a false economy; you also have to think about other things that might affect you, for example a customer’s ‘right to be forgotten’, which could be a costly process to complete. There’s a risk of the ‘weaponisation’ of GDPR with multiple ‘right to be forgotten’ requests being made maliciously that could force an organisation to grind to a halt. It’s something the ICO needs to consider.”


What are the essential items in a GDPR plan?


Bunker: “Have a team in place to deal with breaches, with a clear set of rules to follow, and know how far up the organisation you escalate the action. If a breach affects millions of customers then you’re talking CEO level involvement. Using e-forensics is helpful, especially if ransomware goes into hibernation on your systems, which makes it harder to detect and deal with.”


Riley: “Seeing what has happened in a data breach isn’t easy without an e-forensic tool. You might have to contact a wider audience than has been affected, which could attract negative attention, so you have to know how to deal with the situation.”


THE BUSINESS MAGAZINE – MAY/JUNE 2018


Richmond-Coggan: “If you have cyber risk insurance you will probably have to be able to provide a costed solution showing what action you will take to make things right. It’s not necessarily all negative – being GDPR compliant can have business benefits as it shows you have processes in place to protect data and that could be a competitive advantage.”


Bunker: “You need to think what data is contained in printed reports. You need to be able to track these as well. GDPR makes you think about what information sits in your business, for example, is it with suppliers and can customers access it if they ask to? We are seeing clients using e-forensics even though no incident has occurred, rather than waiting, so they can act immediately if an incident happens.”


Melton: “You need to look at your business culture and change attitudes, so data protection is a priority.”


Davis: “A plan needs to be achievable. It’s easy to put together a document that meets GDPR requirements, but can you deliver on it? Will key people be available and contactable? Have you tested the breach process?”


Matt Riley


How far do you think the businesses you interact with are on the road to GDPR awareness and compliance?


Bunker said most weren’t near being compliant. Riley and Melton thought partial progress had been made with some, but not all. Richmond-Coggan said some clients were ahead of the curve, but awareness with SMEs was still very low. He was worried that uncertainty had become an excuse to do nothing about it.


A final observation was that some companies are comparing GDPR with the year 2000 millennium bug, except that this time there are real consequences that have so far been under-estimated. Richmond-Coggan closed the roundtable with the observation: “Everyone had heard of the millennium bug, took it too seriously, and not much happened. With GDPR, not enough businesses have heard of it, and those that have aren’t doing enough about it when they could face fines and a loss of customer trust.”


Paul Ridley


Will Richmond-Coggan

