CCR Magazine

You are here  :Home arrow News arrow Firms should build security aware culture ahead of GDPR
Contact Us Newsletter Signup RSS Feeds

Latest News Headlines


Commercial Credit News


Firms should build security aware culture ahead of GDPR PDF Print E-mail
Wednesday, 04 April 2018
Managers have just weeks until sweeping new data protection rules come in, and they should seize the opportunity to create a competitive advantage.  

That’s the message from a leading cyber security company ahead of GDPR, which is due to come into force on 25 May 2018.

Amethyst – which advises big private and public sector clients – says organisations should already be developing a security aware culture where every member of staff understands the rules about protecting personal data. Instead of being driven by the fear of breaching the regulations, businesses should see compliance as a way to set themselves apart from their non-compliant competitors, the company says.

Managing Director Steve Howe explained: “It is true that failing to protect data puts you at risk of prosecution and potentially enormous fines, not to mention reputational damage and lost sales, but we are encouraging businesses to focus on how they can use the compliance process to show customers they take protecting private data very seriously.”

Amethyst is advising organisations to work towards achieving the information security standard ISO 27001, which it says will likely address the core principles and rules of GDPR with good cyber security.

Mr Howe said: “In future, we think businesses with the accreditation will be sought out by consumers and business customers while those without it will be eliminated from selection procedures, as happened with the quality management standard ISO 9001.”

Under the new rules, the Information Commissioner has the power to fine firms up to 20 million euros or four per cent of global turnover for a serious breach. If a member of the public or an employee complains that their data has been compromised, there may no longer even be a need for him or her to prove any damage or distress. Simply failing to take reasonable care of an individuals’ data could be enough for a possible prosecution.

Mr Howe added: “The Information Commissioner’s Office has indicated it wants to work with businesses to roll out a culture of data protection, rather than bully them into complying. However, there have been suggestions in some quarters that the ICO will want to make an example of one or two organisations early on to heighten awareness of the issue. Either way, businesses should be alive to the risks and opportunities, and if they are not doing so already, they should be making plans to be GDPR ready before next spring.”

That includes appointing a ‘controller’ separate from management to be responsible for meeting GDPR principles and able to demonstrate the organisation’s compliance.

GDPR is designed to harmonise regulations across the EU, driven by Germany’s vigorous support for data protection, and Mr Howe said Brexit could have an impact: “There is some question about how exactly GDPR will apply in the UK after leaving the EU, but the government has confirmed the regulations will definitely come into force. With fines levied in euros and a potentially weak pound, there is also the risk that the pain will be worse for any UK firms who are prosecuted.”

Amethyst has distilled the principles and rules of GDPR into six key points.

Know what personal data you have and why you have it
Manage personal data in a structured way
Know who is responsible
Encrypt, pseudonymise or anonymise what you don’t want to be disclosed, lost or breached
Design a security aware culture into the organisation and all staff
Be prepared: Plan for the worst case scenario

latest issue

CCR Cover

The latest edition of CCR Magazine, the leading editorial publication in the UK credit industry, is out.

Read the latest issue online


CCR is the premier magazine for consumer and credit professionals. It provides an independent voice to the industry, breaking major news stories and running in-depth features.

As a magazine, it works with and campaigns on behalf of the credit industry to promote its importance as a centre of potential profit and business development to the wider business world.

Subscribe to CCR Magazine

CCR World Magazine


Providing information and analysis for thousands of senior credit professionals worldwide, every quarter.

Find out more

GTS Media Ltd
81 Cambridge Road

Registered in England No: 05483197