GDPR: What does it Mean for Contractors?
Cyber-attacks have become more prevalent than ever in the last 12 months. A recent report from the National Cyber Security Centre noted that there had been over 1,100 attacks in the UK last year, of which over half (590) were deemed significant. 30 of those attacks, a number of which were in the Financial Services Sector, required assistance from government bodies.
To put it in even starker terms, the UK deals with more than 10 significant cyber-attacks every week and that’s only taking into account those which were reported. Unfortunately, such attacks must now be considered par for the course when it comes to business, and we need to ensure that we are all prepared to deal with them.
With the much-discussed General Data Protection Regulation (better known by its acronym GDPR) coming into force on 25th May 2018 we’re taking a look at what exactly the implications will be for contractors and freelancers. How can you make sure you’re GDPR-ready?
As an individual you’ll have more power over your own data. Businesses will be required to have systems in place which ensure that the data in question will not be breached. Furthermore, GDPR redefines the notion of consent when it comes to providing your data to companies. In almost all current scenarios you have to explicitly opt out, but after 25th May freely given, specific, informed and unambiguous indication of your wishes will be required in most circumstances.
However, it’s not just big organisations who’ll feel the pinch of GDPR when it comes to obtaining and holding data. It will also impact the contractors who work for them (if they have access to personal data as part of their role.)
One of the focal points of GDPR centres around the sharing of data by those who control it (the end client, for example) with third parties (i.e. a contractor). Those data controllers (i.e. the end client) will therefore need to ensure they have thorough and in-depth contracts in place with their third party data processors (e.g. any contractors engaged by them) which make very clear that the requirements of GDPR will be met.
To put it simply, the responsibility for GDPR compliance will not just rest with the organisation but with the contractors who work as data processors too. So, what do you need to do to ensure you fall within the lines of GDPR compliance?
It’s worth noting that GDPR will only cover information defined as personal data or special category data, an address, a date of birth, details about race or ethnicity, sexual orientation, biometric or genetic information and so on. If the contractor does not have access to such data, then GDPR may not apply (although we’d always recommend that you take professional advice to determine the nature of the data in question.)
If the organisation transfers that personal data to you in your third-party role, you will need to make sure that you too have the systems in place to protect against the danger of an attack or breach. But it’s not all warnings, systems, and checks.
For those individuals who work in cybersecurity and data management GDPR offers a tremendous opportunity. Given the volume of work involved in making sure they’re adequately prepared, a large number of companies have reached out (and will continue to reach out) to external experts for guidance.
Cybersecurity in particular is likely to experience rapid growth over the next few years, in turn opening up the industry and providing an array of potential jobs. Furthermore, with organisations likely to treat their data with a lot more caution in terms of how it is shared, stored, and managed there will be much work and training to be done.
There’s no doubt that GDPR is at the forefront of many people’s thinking at the moment, and with the prospect of heavy fines for non-compliance that’s no surprise. Take the steps you need to now and get ahead of it. Make GDPR work for you.
At Kingsbridge we’ve recently introduced our Cyber Liability product, specifically tailored to meet the needs of the modern contractor. Staying secure in an increasingly digital world is imperative, and we’re here to help. You can learn more about our cyber cover.