The dust is beginning to settle on the EU referendum result. But, while the UK’s departure from the union is set to shake things up for many businesses nationwide, there’s at least one EU ruling that UK businesses will still have to comply with: the General Data Protection Regulation.
As cybersecurity experts are all aware, the upcoming GDPR was established with the aim of protecting EU residents’ data. It means that businesses will have to employ heightened encryption and authentication techniques to prevent breaches from happening, and will be subject to fines and breach reports in the event that one occurs. Regardless of the outcome of Brexit negotiations, UK-based businesses will need to protect the data of citizens residing within the EU.
With less than two years to go until the regulation comes into full effect, businesses would be well advised to start thinking about implementing it now. And, while the regulation can be seen as demanding, there are a number of reasons why British businesses should comply with it other than because they’re obliged to. We only need to look at recent high-profile data breaches to see their immediate impact.
Customer trust is key
Research commissioned by Gemalto revealed that nearly two-thirds (64%) of the 5,000 consumers surveyed would consider ending their relationship with a company if their financial and sensitive information was stolen. The message was clear: lose my data and you’ll lose my trust.
One example here is the breach that TalkTalk suffered in October 2015, in which 15,600 customers had their bank details compromised. It serves as a strong reminder for companies nationwide as to why customer data must be protected. While 15,600 customers lost their data, a much higher proportion of subscribers – 80,000 – that hadn’t had their financial data compromised also chose to walk, with the company losing 95,000 subscribers in total.
At about 2.5% of the company’s customer base, the breach hurt the company to the core, and the breach and resulting actions cost the company 60 million pounds — nearly double what was anticipated in the days following the breach. To put this another way, it’s roughly the same as the company’s entire profit for 2014. Simply put, they might as well not have bothered being in business for the year.
But breaches don’t only result in a loss of customer trust – shares often plummet on the FTSE too. Clearly, investors often anticipate that customers will dissociate from a company that has suffered a breach, and because a company is nothing without its customers, investors decide to end their investment in it, too.
Had GDPR been in place back in October, TalkTalk may have had different measures in place to help prevent this breach, and its impact may have been smaller.
Small businesses face big challenges
Major corporations aren’t the only ones that are affected by breaches – they can be a big issue for SMEs too. No matter how much or how little data a business is holding, it’s still important to the individual it belongs to. Again, a breach can do major damage to a business’s customer base, and can render a small business non-existent – especially when you consider the fines they may face. While effective security solutions might seem like an extra overhead for a smaller business, the potential lawsuits can be financially crippling.
With this in mind, good security is not just about preventing bad PR. It’s a boardroom issue, and can affect the success, or survival, of a business. GDPR will force companies large and small to treat security as a much more serious issue.
GDPR help is here
According to Gemalto’s Breach Level Index, over 700 million data records were compromised last year as the result of 1,650 data breaches. It would seem that businesses are aware of what might happen if and when a breach occurs, but they’re still not acting as if they themselves will be subject to one.
The GDPR is a significant step in ensuring that the data of European citizens is protected, as the protocols within the regulation will do a great deal to stop data breaches such as these in their tracks.
Enforcing airtight two-factor authentication methods, end-to-end encryption, and intelligent encryption key management will ensure that data is as secure as it can possibly be, and that businesses don’t lose the trust that customers place in them, or their share prices either.
With Brexit and GDPR looming over the UK in the next two years, British businesses are facing a fair few hurdles to overcome. But if businesses can ensure that they’re compliant with the ruling ahead of the deadline, they can rest assured that they’re doing enough to ensure their customers’ data won’t get into the wrong hands, and that they don’t lose their customer base and company value in the process.