The GDPR was made active on 14 April 2016 but, as a regulation, it will be enforced on 25 May 2018, at which point non-compliant organisations will face very heavy fines.
It’s a regulation rather than a directive and – make no mistake – it will be fiercely enforced by the Information Commissioner’s Office (ICO).
As a business owner, you really need to start right now if you are going to have all the documentation and procedures in place on time.
THIS COULD HAPPEN TO YOUR COMPANY
If you abuse or do not adequately protect The ICO could issue a penalty of up to €20 million or 4% of your global annual turnover, whichever is greater.
What we advise
To avoid getting hit by those looming 4% fines, get a proper “audited” IASME assessment. The accreditation covers Cyber Essentials & GDPR and, most importantly, the ambiguous security requirements that the GDPR alludes to, like “adequate level of protection”.
What the ICO say
After 25 May 2018 it’s the ICO that will be handing out the fines so here is a quote directly from them endorsing Cyber Essentials and the fact they would look favourably on those who use it as a proactive tool to control their risks!