The General Data Protection Regulation (GDPR) came into force on 25th May 2018.
Born out of the need to modernise and update 20th Century Data Protection rules which weren't designed to handle the way our digital world has developed, GDPR is a necessary EVOLUTION of the Data Protection Act of 1998.
If you hold, obtain or process any data that can identify a living individual - then GDPR DOES apply to you. This is not a guideline, this is THE LAW from May 2018.
What does it mean to my business?
The GDPR will apply to ANY business that stores information on any UK/EU citizen with fines up to 4% of your global annual turnover or 20 million euros, whichever is higher.
Do you employ staff whose details you've obtained?
Do you hold personal information, location details of customers? Names? Addresses? Telephone Numbers? Email Addresses?
What processes and procedures do you have in place for securing that data?
Can you justify your solutions and security standards to the Supervising Authority?
As a business you will almost certainly use people's personal data (writing a customer's name on an invoice means you are using their personal data) – it really is that basic.
The first steps to becoming GDPR compliant include:
Conduct an audit to identify what types of data your business holds.
Work out on what legal basis you are allowed to use that data.
Contact ISCUBA Solutions for a free no obligation GDPR consultation.
Remember the primary focus of GDPR is to ensure businesses take responsibility for the data they hold and take reasonable measures to protect it.
Think about how your business currently looks after that data and keeps it safe – physically and digitally.
Here are some points to consider:
Do you have legitimate software throughout your business? (For example, copied or cracked applications could contain security vulnerabilities and/or malware.)
Are industry standard encryption algorithms and technologies employed for transferring, storing and receiving individuals' sensitive personal information?
Can the availability and access to personal data be restored in a timely manner in the event of a physical or technical incident?
Is there a documented security programme that specifies the technical, administrative and physical safeguards for personal data?
Is there a documented process for resolving security related complaints and issues?
Is there a documented policy/procedure for handling subject access requests (SARs)?
Are individuals informed of their right to demand erasure or rectification of personal information held about them (where applicable)?
Contact us today for an independent GDPR consultation