5 April 2018 | Herpreet Kaur Grewal
Businesses must make employees more "security aware" to remain competitive once the General Data Protection Regulation (GDPR) takes effect, says a cybersecurity firm.
The GDPR, which becomes enforceable on 25 May 2018, will require businesses to improve their security measures, and their cybersecurity in particular.
Cybersecurity firm Amethyst, which advises big private and public sector clients, says organisations should already be developing a security-aware culture whereby every member of staff understands the rules about protecting personal data.
Instead of being driven by the fear of breaching the regulations, businesses should see compliance as a way to set themselves apart from their non-compliant competitors, says the company.
Steve Howe, Amethyst's managing director, said: "It is true that failing to protect data puts you at risk of prosecution and potentially enormous fines, not to mention reputation damage and lost sales, but we are encouraging businesses to focus on how they can use the compliance process to show customers they take protecting private data very seriously."
Amethyst is advising organisations to work towards certification to the information security standard ISO/IEC 27001, which it says is likely to address the core principles and rules of the GDPR through good cybersecurity practice. Certification to ISO 27001 is not a GDPR certification in itself, however: the standard covers the security of processing, not the regulation's other obligations such as lawful basis, data subject rights and breach notification.
Howe added: "In future, we think businesses with the accreditation will be sought out by consumers and business customers while those without it will be eliminated from selection procedures, as happened with the quality management standard ISO 9001."
Under the new rules, the UK's information commissioner has the power to fine firms up to 20 million euros or 4 per cent of global annual turnover, whichever is higher, for the most serious infringements. If a member of the public or an employee complains that their data has been mishandled, they may no longer need to prove any damage or distress: simply failing to take reasonable care of an individual's data could be enough to trigger enforcement action.