To mark Data Protection Week (Data Protection Day is celebrated on the 28th of January), we want to remind you of the importance of protecting your data. GDPR first came into effect in 2018, when it was made mandatory for businesses to secure their data.
Whether you employ staff or work for yourself, you’re responsible for protecting the personal data of (or information about) anyone who comes into contact with you – including your customers, suppliers and staff.
At the moment we are still using the 2018 GDPR rules until new guidelines are published. The second draft of the new guidelines is due to be published in Q2 of 2022, at which point we will have more of an idea of what to expect.
If you're an SME and you're looking for some reliable, bite-sized advice on how to build trust and save money through stronger data protection compliance, take a look at the ICO's data protection basics for small organisations, including small businesses and sole traders:
https://www.youtube.com/watch?v=_RVPj-GSOdY&ab_channel=InformationCommissioner%27sOffice
We know that some businesses still don’t understand why data protection is hugely important. In 2021, ransomware attacks soared by 93%. Cybercriminals have become savvier over the pandemic and created new ways to attack small and large businesses alike. It doesn't matter what industry you came from, you were (and still are) a target.
The data you have on your systems, whether it is to do with your business itself or with your clients and suppliers, is one of your digital assets. That asset is something that cybercriminals want, and if they get hold of your data they can use it in multiple ways, from ransomware to selling it on the dark web. Your company's reputation can be damaged and you can lose income if you have to respond to a cyber attack.
Don’t get caught out. The ICO say that if you don’t take adequate security measures to prevent or contain a data breach, this could lead to a fine. This is because it’s the law to protect people’s data if you’re a controller. There are a number of steps you need to take to show you take your responsibilities seriously – some are straightforward, while others take a little more thought and planning.
Here at the Cyber Resilience Centre, we have developed a Cyber Health Check to provide your business with a summary of your risks and an action plan to help you protect against the latest cyber threats. Take the self-assessment questionnaire today to gain an overview of your business’ cyber resilience and see if you're protecting your data securely.
Our Client Relations Manager, Amanda Crossley, shares:
"When I ran my own business a few years ago, I took GDPR seriously, but I wasn’t aware of the severity of cybercrime. I thought that because I was a small business I wouldn’t be seen and they wouldn’t bother me. However, since studying cyber security, I’m more than aware now of how wrong I was and I want you to know how important securing your data is."
Data Protection Officers are only required for your organisation if the law states you need one. The ICO can help you find out if you need a data protection officer (DPO) through a short questionnaire here. You can voluntarily appoint one if you feel the need to.
Data Protection Officers oversee your practices and ensure that you are following the guidelines correctly. You can even hire an independent DPO to check what you’re doing is correct and give you some advice moving forward.