In our years of providing managed IT services, U.S. Computer Connection has seen data protection software come and go. We have encountered plenty of data breaches and helped business owners of all sizes protect their data and sensitive employee information. In the current digital age, we find our managed IT services are in higher demand than ever.
While most of our clients are familiar with computers and basic protection, they may not know the type of protection their companies need. Specifically, we see many clients who are unfamiliar with General Data Protection Regulation (GDPR). It is regulated through the European Union (EU), so some United States clients think it does not apply to them. In reality though, being noncompliant with GDPR could land you and your company in serious trouble.
What is GDPR?
GDPR officially goes into effect on May 25, 2018. GDPR’s legislation protects personal information although its main focus is on data breaches within businesses. In many cases, businesses are not aware data breaches have occurred until it is too late. As a result, thousands, perhaps millions, of customers are adversely affected. Their credit or debit cards are compromised, their identities and personal information are stolen and the business itself is at fault. GDPR legislation is meant to protect businesses, especially small and mid-size businesses using managed IT services, from litigation.
According to HelpNetSecurity.com, it takes the average business 201 days to detect a personal or business-level data breach. In other words, hackers or scammers have almost a year to get their hands on sensitive information and use it however and whenever they want. GDPR seeks to define personal and sensitive information and requires companies to provide a “reasonable” level of protection to their data and employees. Additionally, GDPR is designed to help business owners and employees weed through the thousands of breach alerts they receive every day. Many of these alerts turn out to be false, which encourages business owners and employees to let their guard down.
New Rules Under GDPR
One of the biggest changes to data protection under GDPR is the 72-hour rule. Under this rule, compliant companies have 72 hours to report a suspected breach. Full disclosure is required. Reporting employees or owners must provide their supervisory authority (SA) with all information about the breach’s nature. This includes the type of breach, the expected consequences, how far those consequences will reach, and when and how the computer system(s) were infiltrated.
GDPR requires every business to have a supervisory authority (SA) on the premises at all times to ensure GDPR compliance and head up damage control should a breach occur. GDPR requires a long list of actions to take place within those critical 72 hours, and without clear guidance, business owners are concerned chaos could ensue.
What Non-Compliance Costs
Along with the inherent costs of data breaches, such as identity theft, non-compliance carries huge monetary costs. It is up to each Member State to determine sanctions for non-compliance, but the EU can fine companies up to 20,000 euros (double in American dollars), or up to four percent of a company’s total global turnover.
If you have questions about GDPR compliance, want to make sure your company is compliant or want to learn more about what we do, please contact U.S. Computer Connection today.