It's not too late to get GDPR compliant

A full quarter after the initial deadline for compliance – GDPR remains an issue that many businesses need to address

Three months have now passed since the GDPR rules came into force. So far, there have luckily been no major headlines or stories of companies breaching the rules and subsequently being hit with big financial penalties. Let’s just remind ourselves – the potential fines are up to €20,000 or 4% of turnover, whichever greater in each operating country of business. That’s not something that can be casually dismissed or ignored by any organisation. To find out more you can download our GDPR quick guide.

However, if GDPR was meant to be such a big deal, why have we heard nothing about enforcement over the last 90 days? In many parts of Europe, it is certainly the case that a period of grace is being allowed, in which businesses are being given time to get themselves fully compliant. In Austria for example, this is fairly open and public knowledge. In other countries, it may be what’s happening but not as clearly understood.

Getting GDPR compliant

There is a recognition that, there was a lot of publicity, discussion – I hosted a few GDPR webinars on the subject - and activity around GDPR ahead of the 25 May 2018 deadline, many companies simply did not take action. Many businesses rushed their compliance and focused primarily on customer opt-in for marketing purposes – remember all the opt-in emails – and so even though they may have taken some steps towards making network security secure and compliant, many are well behind the curve.

If you are unsure if your network is secure and GDPR compliant, try our Security Audit.

There is still time however to get your house in order in regard to GDPR. We know for sure that many of our customers from all over Europe are still working on their compliance projects. The increase that we saw in security license sales and renewals ahead of the May deadline has continued to gather pace over the last quarter.

Fully licensed

What’s happening here is quite clear. While they are putting in place their policies and practices for GDPR compliance, businesses are also discovering a need – and opportunity – to update their network security. To be compliant with GDPR you need to show that you have done all you can to protect data. That means minimising the risk of any infiltration and making sure your unified threat management (UTM), intrusion detection, firewall, and other perimeter and network defences are fully licensed, supported and up-to-date.

Doing all of this does take time and will incur some costs that smaller businesses may not have factored into last year’s budget, but making your network secure does not need to be expensive.

The bottom line here is that it is not too late for businesses to address GDPR. But even though the original deadline has been and gone, getting compliant is still not something to leave for another day. At some point, the period of grace will come to an end.