Don’t worry about the Russians hacking you. Whilst no one can rule that out, it’s maybe low down the list of probabilities.
The Information Commissioner’s Office is armed with the power to inflict whopping fines if you don’t take sensible steps to protect the data that you hold about others.
Far more serious than a determined hack from Russia would be the risk from small-time chancers who scout round the internet and spot and exploit easy loopholes. The Times covers the issue well today – read more here: “Off-the-shelf hacking kits let amateurs target schools”.
It works like this:
1. You think, ‘this GDPR thing is just too much’,
2. You ignore it or don’t give it sufficient thought,
3. You take the chance that you will not be caught up in a hacker’s sweep,
4. Maybe you’re right,
5. Maybe you’re not … (how much would you pay a blackmailer for them not to publish your client’s confidential data all over the internet?)
6. Either way, what if the ICO says to you, ‘Show us your data protection review … show us what steps you have taken in response to GDPR?’
7. Either way, what if you just lose stuff? No hacking needed.
Don’t put off tackling the GDPR until you’re in trouble. Take some time now to plan your compliance. It’s not hard. It’s not time-consuming. It could save you massive headaches later, and very possibly it will avoid a fine that could finish you off.