The General Data Protection Regulation (GDPR), which took effect on May 25, 2018, was developed to give people control of their personal data and create a high, uniform level of data protection across the EU that is ‘fit for today’s digital age’. Combined with the backdrop of the GDPR regulatory environment, the cyber landscape is also rapidly evolving, with cyber criminals becoming ever more sophisticated in identifying new ways of penetrating IT infrastructures.
Vigilance is critical and this can seem particularly daunting to SMEs, which typically do not have large IT departments and budgets.
Businesses, including SMEs, can expect the Information Commissioner's Office (ICO) to react severely if they cannot demonstrate sufficient control and protection over the data they own - especially in the event of a breach. In addition to fines for lack of compliance, the cyber risks deriving from the inadequate protection of data held by businesses are multiple, including exposure to socially engineered attacks and ransomware. These risks can lead to loss of customers and revenue, cause reputation damage, and ultimately can fundamentally threaten the stability of the business.