What is the GDPR?
The General Data Protection Regulation (GDPR) has been developed to create a standard in data privacy laws across Europe. It replaces the UK’s Data Protection legislation but has a much wider scope. Key points which you need to be aware of include:
- Wide ranging. The General Data Protection Regulation will apply to all organisations that process the personal data of anyone living in the European Union;
- Privacy. Key to the GDPR is that data protection is included by design. Work on the premise not of allowing access to everything and selectively blocking. Block access to all data and selectively allow that which is needed for employees to do their job;
- Fines. Companies that are not GDPR compliant can be fined up to 4% of their annual global turnover or €20 million (whichever is greater). Whilst those numbers may seem a little unrealistic, don’t forget that’s ‘up to’ 4%. Time will tell how many smaller fines are given out for companies who don’t comply;
- Clear Consent. It is critical that consent is sought (and proof retained) in an easily accessible manner to process someone’s data. Equally, a process must exist to remove that data if consent is withdrawn. Good examples of this would be a database of email addresses used for marketing;
- Notification. Notification of any data breach to the ICO will become mandatory and must be done within 72 hours of first having become aware of a breach.
Whilst GDPR isn’t all about IT, computer systems factory heavily into it. Westcom can help with technologies from Microsoft in the form of Office 365 for secure email and file storage through to device encryption using DES Lock Pro and high security firewall protection using StormShield products.
Westcom can help with sample policies, a review of IT security and recommendations of sensible steps to take to help your business move towards compliance.
