Do you know what GDPR is? Ever heard of it? GDPR stands for General Data Protection Regulation. It is the new Data Protection Act on steroids (!), and it changes the way we are to handle data.
Key features include:
- Breaches in data security MUST be reported immediately (within 72 hours at the most) to the relevant authority (Information Commissioner’s Office in the UK).
- Individuals have more rights dictating how businesses use their personal data. In particular, they have the “right to be forgotten” if they either withdraw their consent to the use of their personal data or if keeping that data is no longer required.
- Much heavier penalties for failure to comply than under current legislation.
What about Brexit?
The EU General Data Protection Regulation will still apply to UK companies dealing with the EU, regardless of whether the UK remains in the union. In fact, it is likely that the UK’s 1988 Data Protection Act will be replaced to mirror GDPR after Brexit, so it’s unlikely to disappear internally in the UK either.
So how will it affect your business?
We are on a journey of discovery for ourselves and our clients as to what it is all about.
We are a member of the Yorkshire Cyber Security Cluster, which is a great source of information on everything from ISO27001 to everyday crime issues. At the last event, the focus was on GDPR and its impact on every level of business. It is clear that there is a lot of hype and scare tactics out there, and systems are being offered that claim to answer all the GDPR requirements. What was clear is that no single system will answer every issue, and many situations remain unclear. There is a large disconnect between the regulations and real world implementation.
So where do you begin? Until things are tested with case law, it is not possible to define a clear course of action, but common sense is the key factor.
- Look at where your data is stored (paper, electronic files, emails …)
- What risk is there of data breach? (internal staff access, cyber crime …)
- What steps can you take to limit the risks?
If you want to show that you are applying common sense, you can use systems that will document the fact that you are training staff about cyber crime. You can use schemes / accreditations like ISO27001 or Cyber Essentials to show that you are doing your part to limit cyber crime.
In the Autumn we will be running our Digital Cafe Series with a special GDPR event, where we will bring together our knowledge, and hopefully a few specialists, for Q&A sessions / round table discussions.
Until then look out for our Cyber Essentials review (coming soon), and of course, don’t hesitate to give us a call on 0114 287 0510 to discuss any of this further.