Stuart Gentle, Publisher at Onrec

GDPR – The biggest threat to your business could be closer than you think

With weeks to go until the biggest change to Data Protection Laws in 20 years, is taking a proactive approach to most in order to help companies prepare for compliance isn’t another software company offering technology solutions to help you become “GDPR Compliant” (nowhere in the GDPR does it state that using third-party technology will help mitigate the risks). Instead, focuses on helping companies with their Accountability and Governance duties by providing staff training and awareness around Data Protection and Information Security, in line with the Accountability and Governance requirements set out by the Information Commissioner’s Office to implement technical and organisational measures to mitigate the risk of non-compliance.

With fines of up to €20m or 4% of your group’s global annual turnover (whichever is the greater), the recruitment industry should take note given the volumes of personal data and candidate information that it holds. If staff aren’t aware of their legal obligations, or your company isn’t demonstrating a top-down approach to information security and respect for individuals’ data, the consequences (if found guilty of non-compliance) could be greater than you think.

Micky Khanna, founder of says: “The biggest challenge that companies face is within their organisation – such as ‘low security awareness amongst employees’ and ‘lack of skilled personnel’. In fact, if you look at the 2017 Cyberthreat Defense Report by CyberEdge Group, they’ve also found ‘lack of management support & awareness’ to be one of the major barriers to establishing effective defences. Staff training and competency is listed as one of the key requirements of the new regulation in terms of Accountability and Governance, which is what we deliver to businesses, and it goes right to the heart of addressing these issues in that we offer 2 training programmes – one for Heads of Departments and ‘key stakeholders’ of GDPR implementation within the company; the other programme is aimed at company-wide staff so as to ensure awareness of their duties around security and company policies and processes (and the implications of their actions if negligent).

Companies must ask themselves: ‘If found guilty of non-compliance, would the reputational damage, commercial and punitive losses, business interruption and/or loss of confidential information affect our business?’ If the answer is yes, then we should probably have a conversation.”