General Data Protection Regulation (GDPR) is clearly the largest external focus for companies in the lead up to its introduction in May 2018. GDPR mandates considerably tougher penalties than the current Data Protection Act; organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater. Fines of this scale could very easily lead to business insolvency.

In the past, cyber attackers have often been unaware of how much stolen data is worth to organisations. However, the implementation of GDPR means that organisations can be fined up to 4% of their global annual turnover or €20m, whichever is greater, if found to have a data breach. These fines effectively provide cyber criminals with a price point for criminals to understand how much the data is worth to organisations.

The General Data Protection Regulation (GDPR) will come into effect from the 25th of May 2018 and aims to bring data protection legislation in line with the ways in which data is currently used. One of the key findings from our UK Cloud Snapshot Survey 2017 report was that 62% of respondents highlighted GDPR as the biggest challenge to their IT plans over the next 3 years. Adherence with GDPR in the opinion of one interviewee was “bigger than anything else the company has had to deal with”. 

Many businesses are confused by the regulation of the GDPR and find them almost impossible to translate into a set of controls to implement across the organisation. With just one purchase you can now put in place the security baseline you need in order to meet the legislation and get compliant.