By David Woodfine, director at Cyber Security Associates 

The General Data Protection Regulation (GDPR) arrived at our doors last year.

It triggered a rush of activity in most organisations to firstly understand the regulation then to franticly obtain consent from all their customers to continue to send them marketing emails in order to be compliant.

However, the process resulted in many firms realising that they may have more fundamental issues over the security of their legacy IT systems, the amount of personal data they hold, and the cost and time needed to resolve all the problems.

After the first few of months of GDPR has it really had the impact we thought it might, and if you keep quiet will just be seen as another fad. And of course, with Brexit, it might just go away completely.

More realistically for 2019, organisations will be on the lookout for the first tranche of GDPR fines and sanctions. They will then ask themselves just how severe a data breach would need to be to justify the 4% of global turnover maximum fine.

Many believe the Information Commissioners Office is simply not resourced to cope with the potential surge of data breaches had could be reported, but this is no excuse to ignore the importance of data security.

But is this such a major change? Data protection has been in place since 1998, and the new Data Protection Act 2018 (DPA 18) brings everything inline with the array of technological advances and the amount of data now processed online.

DPA 18 and the GDPR already place more emphasis on good cyber and data security, so it is important not to get worried about compliance and see both initiatives as good information security practice. We don't want to ignore these practices - they are here to stay.

Finally, we can expect to see more transparency around cyber security and data security incidents as the obligation to report them will provide more visibility of the threat. But with this comes more class action litigation and political demands for action by firms to improve their security.

But remember improvements in security is not just about technology and must also come from your organisation, people and process initiatives.

Need more advice or assistance? Contact Cyber Security Associates today on 01452 886982, by emailing info@csa.limited  or visiting www.csa.limited.