We’re not fretting about GDPR – we’re well on track

A lot of businesses are currently panicking about the imminent changes to data protection legislation. It seems that they have only just realised that GDPR will apply to their operation and that it’s not simply some nonsense from Brussels that they can ignore.

We understand this situation in some ways. We’re living through a rapidly changing age, and we haven’t had much time to assess clearly how much personal information companies hold. That data has real value, and the growing number of high-profile cyberattacks shows that even major companies still have weak security systems. People want to believe their personal information is protected, but that isn’t always true.

EU legislators have recognised this. The GDPR regulations impose stiff penalties, send a clear wake-up call to businesses, and give individuals the rights they need. Although the law comes from the EU, it will affect almost every UK business.

Even if your business operates entirely in the UK, storing data in the cloud could place it on servers anywhere in the world. If your website collects information from an EU citizen, GDPR applies to you. Brexit changes nothing – the UK follows GDPR because it makes sense, and that’s why we’re already well on track with our GDPR preparations.

We owe a duty of care to our customers and to our suppliers – in fact, to anyone we interact with. We need to treat their information with respect and recognise its value. Our processes are already changing as we take a close look at the risks and at our responsibilities. Our privacy policies, security measures and methods are all being scrutinised and we’re actioning every single issue we find.

We’ve still got a few weeks to go before the 25th May deadline. We’re well on track, and we’re confident that we’ll be ready, but we’re not complacent. We recognise that the nature of cybercrime attacks is continually evolving.

Every business needs to maintain a strategy for the ongoing protection of data. Not just to tick a box that confirms compliance with a complicated and confusing set of rules – we need to do this because trust is a vital part of any relationship.

We’ve got a message for those trying to ignore GDPR:  don’t – it’s not about red tape, it’s about respect.