Time to get serious about GDPR & cyber security

With International Data Privacy Day near, it’s a good time to think about the inter-connected world of GDPR, fraud & cyber security.

One of the most pressing issues for businesses in the coming weeks and months needs to be preparing for the implementation of the GDPR on May 25th 2018. The imminent changes bring into sharp focus not only what businesses must do in order to comply with the new regulation, but also the whole issue of cyber security and fraud.

Here, we take a look at what you need to know to comply with the GDPR, to protect your business from fraud and cyber attacks, and what support is available.

General Data Protection Regulation

The GDPR (General Data Protection Regulation) sets out the requirements businesses must meet in order to protect the personal data and privacy of those whose data they hold in their records. This means that any business that holds personal information like names, phone numbers, addresses or email addresses will be affected.

There will be implications for HR and IT departments, and throughout the supply chain, while businesses that engage in direct email marketing are going to be hugely impacted. Currently, individuals have to specifically opt out of receiving certain email communications from businesses, but under the GDPR this switches to an opt-in system. This is not only likely to result in a far lower rate of consent for email contact, but it also requires businesses to communicate this change, giving people a choice between opting in or out.

Where is the best place to find information on the GDPR?

The Information Commissioner’s Office holds the most comprehensive set of resources on the GDPR. Information includes a ‘12 steps to take now’ introduction, and a checklist to help data controllers and data processors gauge what they are already doing to be GDPR compliant, and what they still need to do.

The ICO has a comprehensive guide to the GDPR that is updated monthly, and they also have a ‘myth busting’ blog series from the Information Commissioner Elizabeth Denham that should ease any fears.

The ICO advice line is open Monday to Friday on 0303 123 1113 and includes a dedicated GDPR preparation helpline for small organisations (choose option 4).

Don’t delay – act now!

The GDPR kicks in on May 25th. This doesn't mean that you can wait until May 24th to think about it. You should have been preparing already, but if you haven’t, you need to start now.

Customers want to use responsible businesses

The importance of compliance isn't purely legal. According to research from the Direct Marketing Association, 59% of customers say that a brand using their personal data responsibly is important in their decision on whether to use them. Buckinghamshire Business First has signed up as a Data Privacy Day Champion to reflect our commitment to protecting the data we hold, and to raising awareness of the importance of data privacy.

What should you be doing to protect people’s personal data?

Two major security flaws have emerged recently – Meltdown and Spectre – that affect virtually every modern computer. The flaws could allow hackers to steal sensitive personal data.

The ICO’s head of technology, Nigel Houlden, shares the ICO’s advice for organisations in the face of such threats.

Cyber Essentials – good practice on cyber security

The government has developed an accreditation scheme that organisations are advised to complete in order to understand good practice around cyber security.

Cyber Essentials is designed to help protect organisations from the most common online threats by putting in place good basic provisions to fight off security threats. Under this scheme, organisations can gain one of two Cyber Essentials badges to show that they have done the necessary work to ensure they are as safe as possible from cyber attacks.

As of 2014, the government requires all suppliers bidding for certain sensitive and personal information handling contracts to be certified against the Cyber Essentials scheme.

Cyber Resilience Week

Keep an eye out later in the year for Cyber Resilience Week (September 10th-14th) where you can learn about the latest initiatives to help build your cyber defences.

Buckinghamshire Business First’s near-miss with fraudsters

Last year we had a near-miss with a cyber fraudster, and it was clear from our experience just how easily any company could fall victim to these scam artists. Luckily, we were able to identify the threat in the nick of time and can tell the following tale as a cautionary one, instead of with regret.

What to do if you encounter potential fraud

Action Fraud is the UK’s national fraud and cyber crime reporting centre and is where you should report any potential or successful fraud or cyber crimes.

Contact our business support team

Get in touch with our business support team to talk through any queries you may have. While we can't prevent fraud, we can offer an ear and some advice to point you in the right direction. Call 01494 927130 or email BusinessSupport@bbf.uk.com.
