Two years have flown by. The new GDPR (General Data Protection Regulation) came into effect on the 25th of May 2016, and it will be mandatory to comply with it from the same date in 2018. If your company still hasn’t adapted to the changes, it had better start to do so ASAP.
This isn’t just any old procedure, nor is it simply an additional provision. It’s a vital issue as far as the security, privacy, and processing of information are concerned. But there is some truly worrying data: according to Crowd Research Partners, 30% of companies aren’t ready to adapt to the new regulation.
GDPR is going to affect the immediate present for companies at a European level, and those that don’t incorporate the new regulation into their legal framework will face two possible dangers: the legal and financial consequences, and the associated cybersecurity risks.
The consequences of breaching GDPR
1.- For your company’s accounts
Breaching GDPR carries four levels of sanctions: a warning, a reprimand, the suspension of data processing, and a fine. This last case has two levels: at Level 1, a payment of €10 million or 2% of annual global turnover (whichever figure is higher); at Level 2, a payment of €20 million or 4% of annual global turnover (again, whichever figure is higher).
If we add to all this (which is already a lot) any claims made by users affected by your infraction or possible complaints from any corporate or economic operator, believe us: flouting the regulation will end up affecting you more than you could ever imagine. And, make no mistake: it won’t be worth it.
2.- For the credibility of your business
Not complying with GDPR can also put the viability of your business and the future of your company at serious risk. Do you really want to be the only one who doesn’t comply with a regulation which is mandatory in the whole European Union? If you do, you’d better get ready for your company to be known for it.
This is no small thing: GDPR obliges you, among other things, to officially report possible leaks of users’ private data. If you’d rather breach the regulation, your company’s image will be associated with this infringement, both in public opinion and within your industry. And the next time you want to secure commercial agreements of any kind, this will be one of the key reasons you’ll be given no for an answer.
The real battle: cybersecurity
But it doesn’t stop there. If 2017 and 2018 have, so far, been the quintessential years of cyberattacks, GDPR is yet another ingredient in the juicy recipe already being prepared by cybercriminals all over the world in order to commit this kind of crime.
If you think that it’s no big deal, mull over the two possible situations that can occur if someone wants to attack your company’s cybersecurity using GDPR as their starting point:
1.- Economic extortion
Picture this: even though you have to comply with the new EU regulation, it turns out that you haven’t. Someone finds a security flaw in your company’s systems, exploits it, gets access to some data and… Bingo! They discover your non-compliance. The cybercriminal knows full well that you could face fines of up to €20 million, so, what if they ask for a financial ‘reward’ in exchange for keeping their mouth shut?
The payment demanded will no doubt be much lower than the possible fine, but, apart from the fact that you’ll still be breaking the new regulation, you’ll also be running the risk that the extortion won’t stop there.
The elections in the United States, among other cases, made one thing quite clear: cyberattacks don’t necessarily have a financial motive; they can also have political, ideological, social, or corporate ends. If someone discovers vulnerabilities in your cybersecurity, they could try to force you to take actions that you don’t want to take.
It goes without saying that, in order to avoid either of the two situations outlined above, you must take the utmost care of your company’s cybersecurity. This is of course something that must be ever present in the day-to-day running of your company, but even more so in this context.
We hope we’ve managed to convince you. If your company still hasn’t got to work on GDPR, or has done so but still has some work to do on it, take a look at our guide on how to adapt to the new regulation as soon as possible. And if you want to equip yourself in terms of technology and cybersecurity, Panda Adaptive Defense, with its Data Control module, can help you not only to prevent attacks, but also to defend yourself if an attack has already happened.