An interview with David Clarke on the impact of GDPR on SMEs.

The GDPR came into effect on 25th May 2018. In the wake of growing confusion and imbroglio, we discussed the impact of the EU’s new data protection law with David Clarke, and how would it impact the personal data of consumers, and regulate the conduct of businesses in the coming years.

David has an extensive profile and is the founder of GDPR Technology Forum and an internationally known GDPR and security advisor. He was recognized as one of the top 10 influencers by Thompson Reuter’s “Top 30 most influential thought-leaders and thinkers on social media, in risk management, compliance, and regTech in the UK”.

In the past, David held multiple security management positions such as Global Head of Security Service Delivery and Head of Security Infrastructure.

His experience in both security and compliance make him the professional authority on GDPR implementation.

1. Let’s start with your journey. Tell us how did you get started, and what motivated you to become a Cyber Security Alchemist/ GDPR Consultant?

I have been involved with Information security a long time when I worked as a remote access consultant working with 2-factor authentication in the 90’s!

2. In the recent months, there has been a lot of discussion about GDPR. Can you explain to our audiences, about what GDPR is, and why should companies be wary about this?

Under GDPR, the data subjects own their data and companies need to treat it with care delivering the new GDPR rights and cybersecurity.

3. In your opinion, how would GDPR impact the mass audiences?

It has a Global impact, The UK Data Protection Authority recently supported a SAR (Subject Access Request ) for a US citizen.

4. What are some most notorious cybersecurity threats of today? And what are some future threats do you see?

There a plenty, I like the files attacks due to their ability to be almost undetectable.

5. According to some experts, SMEs are more vulnerable to cyber attack than they were ever before. Do you agree with this?

Yes, The knowledge and technology needed are growing all the time and most businesses have become 24/7 and global.

6. There has been a debate about online businesses being under the threat of cyberbullying and phishing. What are your views on this?

Yes, they are under threat, in the late 1600’s there were highwaymen and robbery mainly at the mitigation involved into a private police force, that evolved into to Government policy, we are still dealing with same issues and looking for solutions.

7. The amount of online predators is increasing day by day. How does an online business stay protected in these times?

Much can be done by observing Infosecurity standards and having a strategy across the business rather than just IT. There are some really great services that can help.

8. What are your major predictions for the upcoming years that could possibly impact organizations who get their work done online?

Much like the highwayman analogy more government help is needed and is coming, and it may be that security has eventually to be outsourced, in a similar way to the physical world, very few companies have their own security guards etc.

9. Most SMEs aren’t really sure about the steps that they need to take in order to protect their business from online attacks. Do you agree?

Yes, I agree using cyber essentials, ISO 27001, NIST, CSA can help, and using suppliers that can assist, unfortunately, we expect companies to fight electronically the equivalent of a great boxer or army, with very little training or knowledge.

10. In your opinion, what steps need to be undertaken in order to build awareness about the threats that SMEs are exposed to while staying online?

The GDPR is about 2 things Data Rights and Data Security I think this will raise awareness as threats to business is as much from regulations as well the threat landscape.

Thank you for your time.

For more information, visit his Linkedin or follow him on Twitter at @1DavidClarke