Time is running out until GDPR: are you developing a solution?

Thursday, 20th July 2017

It is now 10 months until the EU’s General Data Protection Regulation becomes law, on 25th May 2018, and a huge number of businesses in the UK still aren’t compliant. Yet almost every business will be effected by the new legislation, and the repercussions for even minor or unintentional breaches will be significant.

Fines for non-compliance

Last year, companies in the UK were fined a total of £880,500 for data and IT security breaches. Yet analysis by NCC Group, a global cyber security expert, estimates that those failings, under GDPR reforms, would have resulted in fines exceeding £69 million.

To put it into perspective, take one high profile culprit, TalkTalk. They paid a fine of £400,000 for their catastrophic security failings that allowed hackers to access reams of customer data. If GDPR had already been in effect, that fine could have totalled £59 million.

Needless to say, for smaller businesses (and indeed many larger ones) such fines would be impossible to swallow. Consider Pharmacy2U’s fine of £130,000 last year: under GDPR, that would have been £4.4 million, and could have spelled the end for the online business.

Becoming compliant

Developing a robust security system that complies with the new law will be essential, but it may not be easy.

GDPR isn’t just about securing the obvious IT systems that deal directly with data collection and management. IT systems are increasingly interconnected, and as we introduce more and more digital systems into the workplace we create more vulnerabilities. As such, GDPR compliance can become more complicated, affecting a vast proportion of a business’ technology and IT.

What’s more, as every business has a unique set of systems and software solutions, it’s not as simple as buying a one size fits all GDPR compliant package. Even off the shelf solutions will need to be tailored to each business’ needs in order to create a truly compliant solution.

The research and development involved in creating – or modifying – these new security protocols can be a lengthy and expensive process, and not every avenue explored will result in a perfect solution. With the digital landscape changing constantly, it’s likely that alterations will need to be made frequently; not just tying up resources, but manpower.

How can R&D help?

R&D tax credits can not only relieve the financial impact of these changes, but can actually boost cash flow to help further developments into more profitable ventures.

When it comes to IT and technology solutions, many businesses (and their accountants) fail to recognise the complexities of the R&D that takes place, leading to less expenditure being successfully claimed. At MCS, we’ve processed R&D claims for a wide range of companies developing IT solutions, with excellent results.

The development of these new, bespoke security systems can also result in lucrative Patent Box opportunities, a currently underutilised initiative that could save businesses a significant amount on their corporation tax.

If you are currently developing GDPR compliant systems, or have completed your main GDPR overhaul in the last two financial years, you could be due an R&D tax credit payment. To find out how MCS Corporate Strategies can help you maximise your claim, call us on 01926 512475 to speak to a specialist now.


See also:

EU Data Protection Regulations

How privacy regulations are affecting IT innovators…and how R&D can help you stay one step ahead.





Sai Kiran Anagani