On May 25, 2018, the European Union’s (EU’s) General Data Protection Regulation (GDPR) came into full force. It is the most important change in data privacy regulation in 20 years, replacing the Data Protection Directive 95/46/EC.

While giving the citizens of 28 EU countries more control over their personal data, the GDPR also simplifies data regulation for both local and international businesses through a single regulation that applies across the EU.

Despite the fast-approaching implementation date, there is still much confusion surrounding the GDPR, especially in terms of what it means and what businesses should do about it. In fact, it was found that 84% of SMEs are still unaware of these policies, which might have something to do with the fact that the entire policy is 200 pages long. With this in mind, Gartner predicts that by the end of 2018, more than 50% of companies will not be in full compliance with its requirements.

As a business owner, here are the basics you need to know about the GDPR.

What is the GDPR?

In a nutshell, the GDPR looks out for the data privacy of individuals by requiring businesses and organizations to provide and develop clear policies to protect personal data. It also pushes them to adopt appropriate technical and organizational measures.

GDPR was built around two key principles:

  1. Simplifying and harmonizing directives for international businesses by unifying the regulations within the EU.
  2. Giving EU citizens and residents more control over their personal data.

In fact, with the GDPR, explicit consent is required before companies can process data, and citizens can request access to their data or information about how it is used. The GDPR also gives citizens the ‘right to be forgotten’. This means that if they do not want you to process their personal data, or if you have no legal grounds for keeping the data (for example, if a person is no longer a client of your company), you must respect their decision.

Companies that are not compliant with the GDPR can be fined up to 20 million euros (about US $24 million), or 4% of global revenues—whichever is greater.

Will this Affect US Businesses?

One criticism of the GDPR is that it does not define its territorial scope adequately. But in a nutshell, the GDPR will apply to businesses that process any data from citizens of the EU. Put simply, yes, the GDPR affects US-based businesses.

Before you get too worried, Article 3 of the GDPR states that the rule only applies if you collect personal data from an EU citizen within EU borders. But if the EU citizen is outside of the EU, GDPR does not apply.

Anyone found breaching any of these laws must be reported to the regulator within 72 hours (24 hours, if possible).

Final Thoughts: GDPR Basics for Businesses

With so much recent news about data breaches, the GDPR is a step in the right direction on controlling data privacy and will change the way Europeans approach data privacy. Once this is implemented and proves successful, there’s no doubt that more countries will follow suit.

Learn more about the GDPR on the EU’s website about this new policy.

You wear many hats as a business owner. IT shouldn’t be one of them. But are the IT services you’re employing doing an effective job at stopping some of the biggest cybersecurity threats to small businesses today? If protecting against the threats posed by ransomware isn’t on the list, your small business might be in jeopardy.

Ransomware is a Bigger Threat Than You Might Think

Ransomware cost its victims $200 million in just the first three months of 2016. So what is it?

As the name implies, ransomware is when hackers take all of your business’s data (including sensitive financial information and customer details) hostage and demand a ransom. It hits suddenly, without warning. One night you close up shop as usual and the next morning you arrive at the office unable to open or delete any of your files. The only way to regain access is to pay up. Prolong payment and the ransom amount will increase.

Small and medium-sized businesses like yours are the biggest victims of this threat. That’s because SMBs usually employ outside IT services to help manage their technology. If ransomware protection isn’t on the list, they’re the ones that are most likely to fork over the money to keep their business up and running.

It’s a Commercial Operation

Ransomware isn’t a new threat, but it is quickly becoming an epidemic. There are commercial outfits running the game, making the hackers more powerful, effective, and downright destructive. These hackers are raking in millions of dollars each year preying on unsuspecting business owners.

If you’re not proactively working to protect your business from this growing threat, you’re in danger.

How Your Small Business IT Services Can Save You From Falling Victim

Train Your Team

Ransomware wreaks havoc after one person unsuspectingly opens a seemingly innocent file in an email. Training your team is the first line of defense against this threat. Your IT services provider can talk to your employees and teach them how to identify dangerous links or attachments, minimizing the risk of your business being attacked.

Keep Your Security Software Up-To-Date

Anti-virus and anti-malware security software is essential in today’s business environment. But you can’t just install it and then forget about it. It must be kept current to stop the latest strains of threats. The company providing you with this essential service should ensure you’re always up-to-date with your computer security software.

Back Up Your Data

The best way to protect against ransomware? Back up your data!

Data protection software will regularly scan your computer and take snapshots of your data. If you’re hit with a demand for ransom, you can hit the reset button to the last snapshot, essentially turning back the clock and restoring your company’s data to before the attack.

Not Sure if You’re Protected?

The risk isn’t worth it. Let us know if you’re in doubt about whether or not you’re protected. We’ll do a free security audit on your IT to expose any potential threats and show you how you can get more secure.