The threat of cyberattacks is, as we all know, always lurking on the horizon, much in the same way as GDPR is, which is being implemented on the 25th May.
Despite the fact that fears are rising and attacks are becoming more frequent, it seems that manufacturing plants across the UK simply aren’t doing enough to protect themselves from the dangers of cyber-related incidents. More than 80 plants in the UK have fallen victim to such incidents, mainly due to the fact that they lack the visibility and tools needed to carry out the appropriate cyber assessments.
Are UK manufacturers in the midst of an uphill struggle unlikely to go away when it comes to cybersecurity and GDPR?
What GDPR will do
When it comes into effect on May 25th, GDPR will mean that any organisation failing to carry out the appropriate assessments and actions to prevent cyber-attacks could incur fines from the ICO. Astonishingly, these fines could be as high as four percent of a firm’s annual turnover. Surely that news alone is enough to encourage manufacturing companies to sit up and listen…
Where do manufacturers stand with GDPR?
One of the biggest issues regarding GDPR and the manufacturing industry in a lack of understanding regarding its effects. According to a survey conducted by EEF, 16% of manufacturers claim to know little about GDPR or how it will impact on their business and 34% are failing to educate their staff about GDPR.
Once implemented, GDPR will affect the manufacturing industry in the following ways:
Data processing – businesses will be required to secure all personal data including contact details and bank account information.
- The right for data to be deleted – Any data that you have about an individual can be requested to be deleted or reviewed by the person concerned.
- Consent – When businesses go about collecting any type of personal information consent will need to be obtained.
In order to overcome the threats of GDPR, manufacturers could take a KPI approach to their cybersecurity, setting goals and metrics that will improve security.
Cyber-crime is not something that is likely to happen, it is something that is guaranteed to happen, again and again, unless businesses take the appropriate steps to prevent it.