Is the defence sector ready for GDPR?

The new GDPR rules, which come into force on 25 May 2018, will raise the bar for cyber security. The MOD already requires defence suppliers to have a Cyber Essentials certificate by the contract start date at the latest, and for it to be renewed annually. What will the changes mean for defence suppliers? Read about what your organisation MUST know in preparation for GDPR implementation this week.

Are you EU compliant?

The changes affect all defence suppliers that want to sell their goods or services to people in the EU (even if they are located outside it). Defence suppliers must be compliant with GDPR. More information can be found on the official EU General Data Protection Regulation (GDPR) site.

GDPR: what’s new?

GDPR includes requirements that could affect the way your organisation controls, stores and uses personal data. On 25 May, when GDPR comes into force, your organisation will be expected to be ready and compliant. For some organisations the introduction of GDPR will make little difference, as they are already working within the limits set by the regulation. Those that are not need to start making sure they are compliant immediately. The current maximum fine for a data breach is £500,000. Under GDPR, however, organisations that experience a data breach will see fines of up to 4% of their annual turnover or 20 million euros, whichever is greater. If your organisation does suffer a data breach, the Information Commissioner’s Office (ICO) MUST be informed within 72 hours of the breach.

Cyber Essentials and GDPR

Is your business protected against looming cyber attacks? The head of the UK’s National Cyber Security Centre has warned that a major cyber attack on the UK is a matter of “when, not if”. Although your organisation will require more than Cyber Essentials to comply with GDPR, protecting your business against cyber breaches will help you to tick some of the GDPR boxes. Gaining Cyber Essentials certification is also a quick and straightforward way to provide evidence that you have taken steps towards protecting your organisation and its data from cyber attacks.  

Become Cyber Essentials Certified

There is still time to become Cyber Essentials certified before GDPR launches. Cyber Essentials is recommended by the UK Government. The certification is designed to provide a statement of the basic controls that can protect your organisation from 80% of common cyber threats. Several providers offer Cyber Essentials certification; however, with DCI Cyber Essentials Fast Track you can gain certification within 24 hours*.

*Office hours are based on GMT working time, 9am-5pm Monday-Thursday and 9am-2pm on Fridays. Fast Track applications made outside these times cannot be guaranteed a 24-hour turnaround.