On the 25th May 2018, the new General Data Protection Regulation (GDPR) comes into force throughout the EU. The new regulation is a comprehensive uplift on the UK’s 1998 Data Protection Act, and is aimed at harmonising data protection throughout the EU. Regardless of whether your business is in the EU or not, any business which profiles data subjects from the EU must be compliant!
The GDPR places a number of responsibilities on companies who control and process personal data including:
- Putting organisational and technical measures in place to demonstrate compliance
- Making data protection and information security a board-level issue
- Implementing robust and “state-of-the-art” cyber security solutions and reviews
- A focus on transparency and consent as a basis for collecting and processing personal data
- Providing enhanced rights for data subjects – including the right to be forgotten
- More stringent rules around detecting and communicating data breaches to both individuals and the authorities
Companies who fail to comply with the GDPR face fines of up to €20m or 4% of global turnover from the Information Commissioner’s Office in the event of a data breach.
Organisations who hold personal data should be preparing for GDPR now. Some of the processes, schemes and standards companies can implement in preparation include:
- Risk and impact assessments for data protection
- The government-backed Cyber Essentials scheme
- Standards such as ISO27001 or IASME governance
- Recruitment and training of personnel in preparation for GDPR
- Audits of existing data, where it is held and who owns it
- Review of previous consent to see if fresh consent is required under GDPR
- Updating of privacy policies and online contact forms to comply with the regulation
Alongside our Cyber Essentials and IASME Governance assessments, Protos Networks can also assess your organisation for GDPR readiness. We offer a range of consultancy and technical services to ensure the confidentiality, integrity and availability of your data – and to help you prepare for the forthcoming changes in data protection law.