Thank you for signing up!

Thank you for signing up for our newsletter. It's a great way to stay up to date with everything about Grove Group.

Trouble may loom if your business is not prepared for GDPR laws by May

GDPR – the good, the bad and the ugly

Is your company sitting on client information that could cost you millions in fines because it’s not managed correctly? Do you know if your company will be able to protect customer data in accordance with far-reaching new laws?

When the European Union’s (EU) General Data Protection Regulation (GDPR) comes into effect 25 May 2018 in the 28 EU member states it will have big repercussions for every business with interests on the continent. Being unprepared is not an option.

Companies around the globe are now rushing to meet the deadline for compliance and many are finding out they need help.

With only weeks to go until the biggest change to Data Protection Laws in 20 years, Grove is taking a proactive approach to help companies prepare for this massive shift.

Essentially these new rules mean that companies need to protect the data of EU citizens against loss, theft, or disclosure. Companies are required to also get rid of the data as soon as they can. And if any data of EU citizens is breached, you are obliged to report it to European authorities within 72 hours of discovery.

By decree, organisations must demonstrate they have proper controls over the processing and security of personal data, including how data is used, stored, kept up to date, accessed, transferred and deleted. It’s therefore imperative that organisations review – and likely overhaul – the way they handle personal data or face the nasty consequences of huge fines.

Chad Bartlett, director of strategic partnerships and innovation at Grove urges companies to be more proactive. A lot of businesses not residing in the EU believe that the GDPR does not apply to them, simply because they do not operate from a European country. But this is a flawed assumption, Chad says. “If your business has ever sold a product or service to someone living in the EU, or if you have a remote team member who works from their home in the Netherlands, for example, you will have to comply.”

If your company processes the personal data of EU citizens or residents then GDPR applies to you, regardless of your location. As a result, almost every major company, business, and media group is affected.

So let’s take a hard look at the Good, the Bad and the Ugly regarding the GDPR.

The Good News

Although there are still concerns about the intricacies of the new legislation and the practicalities pertaining to its enforcement, most experts welcome the overarching principle of giving citizens back the control of their personal data and to simplify the regulatory environment for international business by unifying regulation within the EU.

It’s a positive step forward for individuals’ privacy rights, especially considering the risks of the internet and digital economy. It’s also intended to help make data protection laws simpler and clearer for companies and government agencies. It does however impose new obligations on organisations globally that market, track, or handle personal data of EU residents.

Although GDPR introduces stringent compliance requirements, the basic rules for data protection remain the same. This means that compliance won’t require businesses to build something from scratch but rather calls for a revision of existing compliance procedures.

Anytime a business works to improve processes and procedures, certain benefits naturally accrue. Becoming compliant with GDPR presents businesses with a number of opportunities and strengthen their competitive advantage:

  • Improved data governance, which will drive business efficiency. Having the right policies in place will improve your business’ analytical processes, optimise operational efficiency and reduce costs.

  • Improve business reputation by building consumer trust and enable organisations to enter the trade for data in a way that is transparent and fair.

  • Improved customer satisfaction. When companies have a holistic view of their customer data, they’re able to engage in more relevant interactions, and to offer new services aimed at improving the customer experience.

  • Boost the organisation's external value proposition. The result should be a safer and more transparent ecosystem – and based on this, an organisation should feel more confident about the future.

The Bad

Despite these compelling benefits, there are challenges in complying with GDPR.

  • Businesses will need to establish an inventory of what data is being collected, used and stored across the organisation. To do this, data needs to be identified and catalogued, while maintaining a record of the data lineage. This is an enormous task that cannot be done without expertise.

  • Businesses will need a solid data governance framework to support requirements such as the ability to operationalize requests like the right to be forgotten, data portability (when a customer switches to a new service provider) and consent management.

  • Security will also become a crucial focus area for any business dealing with personal data such as names, email addresses and phone numbers. Organisations need to protect their networks against breaches and have systems in place to inform affected individuals and authorities if data is compromised.

The Ugly - heavy penalties

The implementation of GDPR represents one of the most significant events in data protection regulatory history.

The regulation’s architects deliberately set potential penalties high to motivate compliance. A strategy simply to proceed with business-as-usual and pay fines in the event of exposure invites serious business impact. Improper processing of personal data in emails will make any organisation vulnerable to significant reputational damage and financial losses.

Companies must ask themselves: “If found guilty of non-compliance, would the reputational damage, commercial and punitive losses, business interruption and/or loss of confidential information affect our business?” If the answer is yes, then we should probably have a conversation.

The regulation is a game changer not only in terms of scope and ambition, but also the significant penalties for non-compliance: the maximum fine for non-compliance can be up to €20 million or 4% of global annual turnover, whichever is the greater. Losing this amount of money could threaten the future of any company.

Gartner Research reported recently when the EU GDPR comes into effect, a single complaint could result in an audit and a fine for improperly handling personal data unless IT leaders have adjusted their data management and backup strategies to be ready. Start modifying plans, policies, processes and technologies today.

Bottom line

Don’t let GDPR become a last-minute headache for your company. You’ll be better off implementing GDPR as soon as possible. Not only will this remove any possible legal ramifications, but it will also make your company more attractive as compliance is an outstanding asset for existing and potential customers in Europe, giving you a distinct advantage.

Fortunately, Grove provides numerous ways to help simplify GDPR compliance. As a Google Partner as well as a Mimecast and Darktrace distributor Grove’s team of cybersecurity experts are committed to help your business comply with GDPR regulations by the enforcement date in May.

  • Our services cover front-line security defense systems to help ward against ransomware, impersonation and phishing that use weaponised attachments, malicious URLs and social engineering to steal data and credentials.

  • Robust encryption and data leak prevention (DLP) help ensure personal data entrusted to you don’t get into the wrong hands.

  • Cloud archiving that offers fine-grained control to respond quickly to opt-out requests.

  • Comprehensive and robust proprietary, unsupervised machine learning and AI algorithm technologies capable of defending against unknown threats and insiders that start going awry.

  • Real-time visibility required to make intelligence-based decisions in live situations, while enabling in-depth investigations into historical activity.

Want to know more - download the Darktrace GDPR white paper here

Be proactive. Find out how Grove's best-of-breed technology solutions can assist you. Contact us today.

Call us on +27 21 040 3140 or send an email to

Tags: Darktrace, Mimecast, Proofpoint, Darktrace GDPR white paper

Recent Tweets