Stay calm and work towards complying. It’s here whether you like it or not!
The EU General Data Protection Regulation (GDPR) came into force as of May 25th 2018. It replaces the current Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. Penalties for non-compliance can be severe, up to 4% of global turnover for the more reckless or negligent of acts.
And irrespective of Brexit this law will be applicable in the UK, as the UK Data Protection Directive, so there is no avoiding this – it is here to stay, and particularly if you do business with other EU / EEA countries.
GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:
- Requiring the consent of subjects (EU Citizens) for data processing
- Anonymizing collected data to protect privacy
- Providing data breach notifications to the ICO
- Safely handling the transfer of data across borders
- Requiring certain companies to appoint a data protection officer to oversee GDPR compliance
Simply put, the GDPR mandates a baseline set of standards for companies that handle EU citizens’ data to better safeguard the processing and movement of citizens’ personal data.
'personal data' is any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Octree provides cost effective GDPR, ISO27001, ISO27701, CyberEssentials and Cyber Security solutions for even the smallest of businesses.
If you do not protect the Confidentiality, Integrity and Availability of personal data you will be in trouble.
We have our own GDPR Clinic please go to https://www.gdpr-clinic.co.uk/ for all our latest information!
Who is Subject to GDPR Compliance?
The purpose of the GDPR is to impose a uniform data security law on all EU members, so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU. In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally.
All organisations should have finished an initial assessment phase in readiness. A gap analysis to determine where you need to focus your efforts to get on-track towards compliance. And we can help with that.
If you do not know your PIAs from your DPIAs, your PIMS from your ISMS, your DPO from your DPA, your BCRs from your SARs, your EDPB from your PECR (all confusing terms specified in the new regulation), then you really need to ask someone that does.
The Certified GDPR Practitioners at Octree are ideally placed to assist you with the complex and difficult to decipher world of Data Protection compliance.
To find out more about how we can resolve your IT issues please email or call us:Send us an email Call us +44 (0)1462 416400