Cyber Risk and GDPR Preparedness: Are You Ready?

June 13, 2018

Cyberthreats have become common – but that’s no reason to become complacent. As the risks grow and evolve, businesses must remain vigilant. It’s not just a matter of protecting their operations from cybercriminals, although that’s important. Companies also have to comply with new regulations, particularly the EU General Data Protection Regulation (GDPR).

The EU Regulation Impacts Companies Around the Globe.

Don’t make the mistake of thinking you can ignore the EU GDPR just because you’re not located in the European Union. The new regulation applies to any business that offers goods or services to people in the EU. It also applies to any business that handles the personal data of people living in the EU.  Organizations found to be in non-compliance with the GDPR could be fined up to 4 percent of their annual global turnover or €20 million.

Under the GDPR, companies have several responsibilities. These include the following:

  • Consent must be given before data is collected or processed. This must be done in a clear and straightforward way, and any consent given must also be easy to reverse.

  • People must be given access to their personal data, free of charge, upon request.

  • Under the so-called right to be forgotten, personal data must be erased under certain circumstances upon request.

  • Prompt breach notification is mandatory.

Learn more about the regulations at EUGDPR.org.

Enforcement of the GDPR went into effect in May. Since then, companies have adopted difference compliance strategies.  

  • Many websites have added new pop-ups that explain how cookies are used and prompt users to accept the terms of service. You’ve probably seen a number of these already.

  • Econsultancy reports that some businesses, including multiple U.S. news sites, have blocked website access to EU residents rather than tackle compliance.

  • Some companies are worried about unforeseen issues as they try to achieve compliance. For example, Computer Weekly discusses what the right to be forgotten means for backups.

Cyberthreats Continue

While the GDPR is getting a lot of attention, remember that other threats continue to pose problems for businesses. These threats include:

  • Ransomware and other viruses

  • Data breaches

  • Denial of service attacks

To limit your cyber risk, it’s important to do the following:

  • Be aware of relevant regulations, both in your country and around the globe, including the GDPR.

  • Understand how your organization collects and handles data.

  • Keep hardware and software systems up to date and use anti-virus programs and firewalls.

  • Train all employees on cyber safety.

  • Have plans in place in case your organization suffers a data breach, virus or denial of service attack. Know how you will respond and how you will notify affected customers.

  • Maintain backups.

  • Maintain a cyber liability insurance policy.

 

Have questions about managing cyber risk? Heffernan Insurance can help. Contact us to learn more.