What is GDPR Wargaming?
GDPR is the next step in data protection for clients, employees and a range of different departments within organisations. The implications are widespread throughout companies and it is a change that will impact significantly on how we capture and store personal data. The legislation comes into effect on May 25th, 2018 and the consequences of not being GDPR ready can be significant for businesses of all sizes.
Building on the success of our wargame offering, we have developed GDPR-specific wargames. We have engaged with legal, data protection and cybersecurity experts to help test business resilience and ensure that companies are covering all the necessary aspects of their business to deal with the pending GDPR legislation.
Feedback from our clients shows that wargames are a unique and cost-effective way for a client to self-assure that sufficient remedies are in place for GDPR and will help navigate the complex and often confusing environment of GDPR compliance.
Why Wargame for GDPR?
The consequences for organisations not being compliant with GDPR are significant. The legislation will be regulated by the Information Commissioner’s Office and, depending on the severity of the breach and the nature of the business, fines will be based on the two-tiered sanction regime – with lesser incidents mapped against €10 million (£7.9 million) or 2% of an organisation’s global turnover (whichever is greater), and more severe incidents mapped against €20 million or 4% of turnover (whichever is greater).
Furthermore, the damage posed to a company’s reputation by a data breach or cyber attack can be significant, especially if that company is found not to have been robust in protecting the personal data they have collected and retain. For example, TalkTalk’s 2016 fine of £400,000 following hackers accessing customer data as a result of security failings would rocket to £59 million under GDPR legislation.
The GDPR legislation is complex and confusing. If it is not something you are used to navigating, it can seem like a monumental task. Wargaming your current plans or your proposed plans will:
- Where progress has been good, offer a health check to ensure an optimum position for May 2018
- Where more needs to be done, offer prioritisation to ensure that activity is focused on the right things over the coming months
- Where GDPR-related activities have not yet started, offer an assessment of the major risks your company faces and identify loopholes and possible failure points
Listen to Chris Paton explain why wargaming for GDPR can help organisations get GDPR ready:
Wargame with External Experts
At Quirk Solutions, we have sourced legal experts, cyber specialists and data protection professionals who excel in their field. They understand the legislation expertly and are aware of the potential risks facing UK businesses once this legislation comes into place.
Our GDPR Wargames offer clients an additional resource where they can avail of this panel of experts to fill positions on the red team, to help challenge the plans and policies put forward by the blue team. Together with the experienced facilitation of Quirk Solutions, this type of wargame will expose loopholes or possible vulnerabilities in the plans your teams already have in place, therefore strengthening your plans for GDPR readiness.
Wargame with Your Own Team
As with all Quirk Solutions wargames, our focus is to empower your team to be better and there are options to run wargames without the external experts. The blue team will be filled with in-house champions of the company’s GDPR plans being tested, while the red team are those who are going to be affected by that plan. Relevant departments will take part in the wargames to investigate and ensure that they are covering all necessary aspects of their business to deal with the pending GDPR legislation.