Welsh IT support specialists warn against paying huge fees for data security advice

Welsh IT support company ITCS  has noticed that businesses are increasingly making enquiries related to IT security and the proposed GDPR changes expected to come into force in May 2018.

This is certainly long overdue. According to research compiled by the company, only 9% of SMEs educate their staff about IT and data security, and the threat of GDPR is causing widespread panic.

Set to come into effect next year, GDPR is the new EU framework for data protection laws – replacing the previous 1995 data protection directive. Current UK law is based on the latter.

In Britain, the Data Protection Bill will implement the vast majority of GDPR. Published on September 14, 2017, it has yet to pass through the House of Commons and the House of Lords before it becomes law.

And ITCS has found that GDPR rules are causing lots of fear among businesses, mainly because the law will change how personal data can be used and stored.

But the thing is, businesses that are already compliant with existing UK law will only need to make small changes. The biggest issue for SMEs is that many of them have traditionally been complacent with data and data security in general.

As a result of the pending arrival of the new rules and the surrounding publicity, many businesses are beginning to pay more attention to their security provisions.

The panic has been well and truly reinforced by recent data breaches that made the headlines, such as the huge Equifax data leak, and an earlier breach by UK supermarket Morrisons.

In the Morrisons case, nearly 6,000 staff ended bringing action against their employer when a rogue employee deliberately leaked sensitive staff data.

Brian Stokes, managing Director of ITCS, believes that there is reason for caution but no need for businesses to panic about GDPR.

“It isn’t the new rules businesses should worry about so much as a historically lax attitude to data security – which is something that can easily be changed by raising awareness and staff training, as well as implementing robust security processes,” he said.

“Businesses need to stop viewing IT security as ‘something for the IT geeks’ to fix – every employee should have basic awareness and should act as an additional layer of security to protect your sensitive data.

“However, businesses should be careful whose advice they trust – you don’t need to pay huge fees to get your business GDPR ready.”

The company is noticing a wave of people who are claiming to be credited experts in the area. Stokes continued: “We’re seeing lots of self-identified experts and consultants jumping on the bandwagon and demanding huge fees.

“We’ve responded by offering a free IT security audit and ‘data health check’ to any business worried about the new rules – and you don’t have to be an existing customer to take advantage of that.

“It’s our way of giving something back to the South Wales business community we are proud to be part of.  Security and compliance have always been priorities for the ITCS team and our compliance team will continue to support businesses ahead of the planned changes and beyond.”

Image credit: BalticServers/Wikimedia Commons