A sound IT infrastructure will be efficient and effective, optimising the way that IT supports business operations. However, it must also be compliant – and with the implementation of the General Data Protection Regulation (GDPR) in May 2018 this has become a matter of even more pressing importance.
The financial implications of non-compliance
The Information Commissioner’s Office (ICO) has been given new powers with the introduction of the GDPR. This is set to herald a new era of financial penalties for a lack of compliance – penalties that could be crippling for the businesses caught by them. The vast increase in the fines that can now be imposed under the GDPR is seen as a sign of intent. While previous penalties never topped £350,000, the GDPR makes it possible for the ICO to fine a non-compliant business 4% of global turnover or up to €20 million, whichever is the larger. All the signs are that the ICO fully intends to use this fearsome new power, so an IT network that fails on the compliance front could be the source of serious issues.
The reputational issues of non-compliance
New provisions in the GDPR require organisations to provide notifications and reports where an IT system has failed to keep data secure. These are much more stringent than was previously the case and leave much less latitude when it comes to ensuring data security, and to admitting to clients or customers where security has fallen short of what compliance requires. For any firm – but particularly those in the alternative investment sector, where a great deal of trust exists between firm and client – a lack of compliance that results in a system breach could be catastrophic in reputational terms. Given the wealth of sensitive data in play, if there is evidence that it is not being handled securely, clients have every reason to take their business elsewhere.
The legal issues of non-compliance
Non-compliant IT systems can trigger a broad array of legal issues because of the danger they present to the sensitive or personal data held within them. These issues range from individual legal action, where someone has suffered loss as a result of inadequate compliance, to criminal penalties such as prison terms where the requirements of legislation have not been met. On the whole, most organisations are likely to be given time to improve a non-compliant situation before action is taken. However, if another party has already suffered loss, this may not be the case.
The GDPR actively encourages the use of certification schemes such as ISO 27001. This sets standards for compliance and due diligence in protecting customer information, and adhering to it demonstrates that a business is proactively managing its data security in line with international best practice.
Ensure your IT infrastructure is fully compliant with our netGovernance service – or contact netConsult today to find out how we could help you to get your network GDPR-ready.
Author: Laura Zverko