The General Data Protection Regulation (GDPR), one of the biggest changes in our data protection laws, comes into force on 25th May 2018. The GDPR will have a major impact on all industries in the UK, including construction, and companies whatever their size, will need to understand and demonstrate compliance to the changes required by the new legislation. The consequences of failing to do so can include fines reaching 20 million euros or 4% of global annual revenues.

According to government statistics, 1 in 6 UK construction companies were affected by a cyber attack in 2015 and the construction industry is deemed to be a “hot target for cyber-attacks in 2018”[1].  Figures have continued to rise as the industry becomes increasingly digitised, using new forms of technology for design and modelling, as well as implementing IoT devices such as thermostats, water heaters and power systems. These changes create new and attractive attack vectors to cyber criminals. In addition, the decentralised nature of the construction industry makes it hard to manage the threat to and from employees.

Nearly half of all cyber attacks (43%) target small businesses[2]; and this is becoming a big issue as small and medium companies form a key part of the supply chain. With many larger construction companies relying on a complex supply chain, a breach of a smaller company could not only affect their own revenue streams and reputation, but also those of a number of other organisations working on the same project. A successful breach of data for a construction organisation could result not only in a loss of confidential or market sensitive information, but furthermore poses a physical risk to people and property.

The starting point to achieving compliance is to have a good understanding of what the new legislation entails. This can start with the simple steps of building awareness and undergoing training to prepare for the obligations that have to be met.

Templar Executives is an award winning Cyber Security company with a unique pedigree of working with organisations across government and the private sector and providing a pragmatic approach on how to address this new landscape. Amongst our market leading portfolio of Cyber Security services and solutions, we provide GDPR training courses and developed the first GCHQ Certified GDPR Awareness e-learning for all those to whom this will be pertinent.

If you would like more information on GDPR and what is appropriate for your company, please  contact Templar Executives now on +44 (0)203 542 9075 or email:

For more information, please visit


[1] Herjavec Group, Cyber Crime Report 2017

[2] Symantec’s 2016 Internet Security Threat Report