GDPR: What do I need to know?

Posted 12th December 2017 in Blog, Security

In the UK, and across Europe, one of the most discussed upcoming changes to legislation is the General Data Protection Regulation (GDPR). Despite the decision to withdraw from the European Union (EU), the UK government has stated that it will bring the EU GDPR into UK law, giving UK businesses certainty over how they can use data in the future. GDPR, which is designed to give people greater control over their personal information, comes into force on 25th May 2018.

From small businesses to large organisations, it is important that you are up to date with these changes and understand how to protect your business from future sanctions. In the UK, GDPR effectively replaces the Data Protection Act 1998 (DPA) and addresses more recent technologies and processing practices that the DPA did not directly cover. Here are the key points you need to be aware of.

 

Greater control and protection for individuals

A central motivation behind GDPR is that it has become harder for individuals to know where their personal data is held, who is processing it and how to have it corrected. Under GDPR, businesses are required to hand control back to individuals, who gain the right to have their data corrected, to receive it in a portable form so it can be transferred to another provider, and, in certain circumstances, to have it deleted. This last right is the ‘right to be forgotten’ (the right to erasure), and it is not absolute: a request can be refused where the data is still needed for the purpose it was collected for or where another legal obligation requires you to keep it, but you must be able to find the data and act on the request within the statutory time limit.

 

It’s all about the details

One of the major concerns at present is how businesses go about collecting data. Many UK-based individuals are unaware of when their data is being collected and for what purpose. Businesses need to offer full transparency, making it clear at the point of collection what data they are collecting, why, and on what lawful basis. Where you rely on consent, it must be a clear, affirmative action: for example, you will need to remove all pre-ticked opt-in checkboxes from sign-up forms, since a pre-ticked box does not count as consent under GDPR. Furthermore, once you have finished using the data for its intended purpose, you will need to delete it (or anonymise it) rather than keep it indefinitely, and you should be able to show the retention period you apply to each category of data.

 

New world of cyber threats

Cyber threats are becoming more widespread and more damaging. In fact, it was reported that nearly six million fraud and cyber crimes were committed in the UK alone in 2016. To combat this, organisations small and large need to ensure they have the required security controls in place to protect valuable customer, employee and company data. GDPR itself does not prescribe specific technologies; it requires you to implement ‘appropriate technical and organisational measures’ for the risk involved, and to be able to demonstrate that you have done so. One effective way of achieving this is with a robust information security management system (ISMS). Achieving ISO 27001 certification demonstrates that your company is following recognised information security practice; note, however, that certification is evidence of a managed security programme, not proof of GDPR compliance on its own, and the scope of the certified ISMS needs to actually cover the systems that hold personal data.

Be aware that, even after taking such measures, your processing may still be examined by the Information Commissioner’s Office (ICO), which has the power to audit organisations to check that personal data is being handled and stored securely. Separately, GDPR requires you to carry out your own Data Protection Impact Assessment (DPIA) before starting any processing that is likely to involve a high risk to individuals, and to consult the ICO if that assessment shows a high risk you cannot reduce. Large organisations, in particular, are accustomed to holding extremely large amounts of data, so need to ensure they are fully protected against attempted security breaches, and that they can detect a breach and report it to the ICO within the 72-hour window GDPR allows.

 

There will be harsher penalties in place

Failure to comply can lead to hefty fines from the ICO. Its powers are being greatly increased, meaning it can carry out audits and investigations more frequently. Beyond this, it is also able to fine businesses for a greater list of infringements, and the maximum fine is being increased from £500,000 under the DPA to €20 million (around £17 million at the time of writing) or 4% of annual global turnover, whichever is higher.

It is worth noting that, even after Brexit occurs, the provisions of the GDPR will still apply through their implementation in domestic law, and it is widely expected that the UK will keep its data protection regime aligned with GDPR after Brexit so that data can continue to flow between the UK and the EU. Under GDPR, accountability rests with the organisation as the data controller (and, for the processing it carries out, with any processor acting on its behalf), so a breach caused by an individual employee’s mistake, a misconfigured system or a supplier’s failure is still the organisation’s responsibility, and the organisation is the one that will be sanctioned.

 

Knowing the basics of GDPR

The ICO is the UK’s independent body responsible for upholding information rights, including the correct use, collection and storage of personal information. It has taken action to ensure organisations take the relevant and necessary measures to meet their information rights obligations. From self-assessment checklists and audits to legislation guides and case studies, there is a wealth of information and advice available from the ICO to organisations seeking guidance. With such widespread changes to data protection imminent, educating employees is key to ensuring data is captured, stored and used lawfully.

Atalian Servest is a global solutions provider.