It is very difficult to quantify the value, monetarily, of personal data held by organisations today.
However, it is often billed as “the new oil”, and one only has to look at the valuation of companies like Google, Facebook and Amazon, which hold huge amounts of data, to see that this analogy is not without foundation.
In this context and in light of the continued push by organisations to collect and “mine” data, the General Data Protection Regulation (GDPR) which the European Union is implementing, aims to make businesses more accountable for data privacy. It also offers European citizens extra rights and more control over their personal data. All businesses must be able to prove compliance by May 25th 2018.
To ensure that Morgan McKinley is fully aware of the impact the GDPR will have on our business and our clients’ businesses, we had a number of consultants attend the GDPR Summit run by the GDPR Awareness Coalition recently. The summit was run very well and a number of excellent speakers discussed recurring key themes.
One of the key findings was that despite every sector in every single industry being affected by GDPR, the general lack of awareness, especially at a senior level, about the far-reaching and extremely costly ramifications of the GDPR is astounding. Some of the consequences companies will be subject to for very serious data breaches are fines of up to €20 million or 4% of total worldwide annual turnover (whichever is greater). All organisations, regardless of size and profitability, are subject to the same fines. Serious breaches need to be reported within 72 hours to the Data Protection Commissioner and this requirement will be strictly enforced.
There is a definite air of uncertainty about the implementation of GDPR. For example, 85% of all SMEs store data which will be captured by the parameters of GDPR but only 55% of those surveyed were aware of GDPR and its consequences. One thing is for certain: inaction will lead to trouble for organisations.
Advice from the summit centred on the necessity for businesses to immediately commence running projects to ensure they are prepared. As fines will impact the CEO or Board, they should be the GDPR project drivers.
These projects should include:
In addition to these immediate projects, organisations are also being advised to do the following:
It is worth considering that as this year progresses and business awareness of the consequences of non-compliance begins to hit home, there will be an increased demand for legal and compliance professionals, data security specialists and project managers in relation to the GDPR. Smaller organisations will be competing with larger organisations for consultancy services, and SMEs need to act sooner rather than later in engaging consultants, external advisors and trainers.
Morgan McKinley has established a team of consultants to ensure we can service the current and future demand for these professionals from across our client base. If you are starting a project in relation to Data Protection, Security and Compliance and require any resources or advice in relation to this, please feel free to get in touch.