There’s a fast-evolving area of responsibility about which some directors know very little and for which they can be held personally liable – the protection of data and real-world security.
This half-day (9-1) workshop focuses on what directors need to do to protect their own personal positions on this issue. After all, in the space of only a year (Q2 2018 – 2019), 16 directors were banned from holding office for a total of more than 100 years due to GDPR breaches.
A lack of understanding of your personal GDPR obligations is not an excuse in the eyes of the law! It’s your responsibility to know these obligations and to act on them. Think of GDPR as today’s equivalent of Health & Safety regulations – you wouldn’t send one of your people up a ladder without suitable protection or a risk assessment. If you did, and something went wrong, you would expect to be sanctioned for that. Well, it’s the same for a loss of data.
It’s important too that you don’t see this as just an IT issue. Your business could invest heavily in protecting its IT systems from external attack, but in the final quarter of 2018 only 14% of breaches were cyber security related, whereas 50% were attributable to human error. It’s always a good idea to ensure your IT infrastructure is secure, but this is also about people, processes and procedures for effective real-world security.
You need to understand where your data assets are, and identify the risks. Having done so, you then need to take action to either remediate, accept or transfer that risk. Skilled teams like Net Defence and Burness Paull can help your business to do this, but you need to take the first step.
Debra Cairns leads the GRC specialist team, which is part of the UK-wide, award-winning security company Net Defence.
Net Defence provides security, secure IT, GRC, secure telecoms and investigations consultancy, education and audit services globally. It is part of the Scottish-founded, third-generation family business, Ogilvie Group. Clients include UK-wide businesses, third sector and public-sector organisations, company directors, boards, marketing teams, IT teams, export teams and Law Enforcement Agencies in the UK and USA.
Fiona Davidson is part of the professional indemnity team at Burness Paull LLP and has experience working with corporate clients, funds, major insurers, charities and the public sector, including providing advice to boards on governance and risk management.
Burness Paull is one of the largest, independent Scottish commercial law firms, with 68 partners, over 320 lawyers, and offices in Scotland’s three largest cities: Edinburgh, Glasgow and Aberdeen. The firm is resourced in every sector important to the Scottish economy - public sector, financial services, banks, private equity, property & infrastructure, food & drink, oil & gas. Practice areas include corporate finance, technology and commercial, banking and funds, property, planning, construction & projects, health & safety, employment & pensions and dispute resolution.