<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=111591952803728&amp;ev=PageView&amp;noscript=1">
Skip to content
Our difference

We are on a mission to deliver innovative business transforming technology solutions that exceed our customers’ expectations.
 

Our culture

Our values guide us in everything we do and help shape our culture and customer approach. Find out more about our values and meet some of our team.
 

Our Microsoft Partnership

As a Microsoft Solutions Partner, we’ve been at the centre of the revolutionary changes that technology has brought to every aspect of life and we continue to stand by their side at the centre of tomorrow’s digital transformations.

Microsoft Solutions Partner

Our partners

We have successfully built relationships with multiple partners that prepare businesses for the future.
 

Carbon management

We understand our environmental responsibilities as a UK business and IT Managed Service Provider, and we understand how important it is for our customers to partner with responsible providers.
 

Careers

Our team is made up of a diverse group of people from all around the world, and we all have one thing in common: we’re passionate about providing our customers with outstanding solutions.

Thinking of selling your IT business?

Core is a well funded Microsoft Solutions Partner with a 30 year history of being at the heart of control in IT.

We are supported by our bankers and have funds available for strategic business acquisitions. Together with our successful acquisition track record and a commitment to making deals happen, now is the perfect time to talk to us if you are considering selling your IT business.

If you are interested in discussing a potential exit of your IT business, please complete the form on the right. All correspondence will be treated in the strictest of confidence and a mutual non-disclosure agreement will be exchanged prior to any discussions taking place.

Interactive Microsoft workshops

Our workshops are designed to help you realise the value of Microsoft technologies in your business, gain real value from your investment and transform the way you work.

The workshops are a collaborative and immersive experience; our experts will work with you to identify your business objectives and establish the Microsoft technologies to help you achieve them.
 

Request a workshop

Our range of workshops covers every aspect of the modern workplace including productivity, collaboration, identity, security and compliance and communication, with interactive and engaging sessions that bring the art of the possible to life.

Download our workshop guide

Read more about the interactive workshops we offer, and how they can benefit your business by downloading our guide.

MCI Workshop Introduction

Managed Services

Discover why Core is the first choice for many organisations looking to add flexibility, efficiency, and expertise to their teams.

Cloud Technology

From Microsoft’s leading platforms to bespoke cloud solutions, Core’s range of cloud technology solutions covers everything the modern workplace needs.

Professional Services

Whichever challenges you face on your digital journey, Core's professional services team has a solution to help, from IT Project Management to our innovative Smart Services.

Public Sector

Certified secure solution for the public sector, providing a reliable, flexible, secure and affordable IT solution.

Commercial Sector

Certified commercial sector solutions, covering all your commercial needs from financial and legal services, through to manufacturing.

Download our Frontline Workers white paper

Learn how technology can help to balance productivity with wellbeing for Frontline Workers.

White paper: How technology is revolutionising the health and productivity of frontline workers


Why customers choose us

Since we were founded in 1990 and started our Microsoft journey, we have supported over 10,000 customers on their communications and collaboration projects, and with the introduction of Microsoft's cloud technology, have grown our capabilities significantly across Microsoft 365 and Azure.

What sets us apart is a talented and passionate team who truly love what they do, demonstrating boundless enthusiasm and dedication in every single project.
 

logo-menu-david-lloyd

"It was apparent from day one that Core had a depth of knowledge in Microsoft 365, which we simply hadn’t found anywhere else."

Greater London Authority

"Core has a lot of experience working with the public sector, which was definitely a benefit."

Angel Trains

"There’s such a good working relationship with Core, it’s like having another permanent person in our organisation."

Talbot

"We had a really good, down to earth relationship with a few of the guys, and they know what they are doing."

Read our latest blog articles

Harnessing Evergreen IT Services for Strategic Advantage



Maximising Savings on Azure with Core’s Gain-Share Offer
Future-Proofing Your Business: The Perils of Rushing into Copilot for Microsoft 365



AI for All: How Microsoft's Latest Update on Copilot Opens Doors for all Businesses
The Core knowledge hub

Stay up-to-date with the latest insights, trends, and discussions from Core's team of subject matter experts through our blog topics and news articles.


Lucy WrightApr 12, 2018 2:45:06 PM5 min read

GDPR and its role in how you handle your customer data

In less than six weeks GDPR will replace the Data Protection Act 1998 (DPA) to become law in the UK. GDPR is a set of legal requirements which will govern how organisations of every kind obtain, process and use the data they hold about people like you and me.

GDPR is an EU law which means it applies to all EU member states as well as to organisations in countries outside the EU which supply products or services in to the EU. It will continue to be law in the UK, even after Brexit. 

Organisations that fail to comply with GDPR could face a fine of up to 4% of their annual turnover capped at 20 million euros. This far exceeds the current maximum fine allowed under the Data Protection Act of £500,000. Naturally, many organisations are concerned at the prospect of such substantial financial penalties being imposed. However, of equal if not greater concern, should be the threat to reputation that failing to comply with GDPR will bring. 

In many ways, GDPR mirrors the existing data protection requirements of the DPA but there are also several new additions and the significance of some DPA requirements has also been increased.  So, just how will GDPR affect the way you process your customer (or client, member or employee) data? The answer depends largely on the nature of your organisation, what you use the data for and how you use it. Key principles of GDPR which will have significant impact on how your handle customer data include:

  • Accountability
  • Data types
  • Basis (reason) for processing data
  • Consent
  • Data subjects' rights

This blog will explore these principles in more detail and look at their potential effect on how organisations process customer data. 

Accountability

Accountability is a fundamental principle of GDPR. According to the website of the Information Commissioner's Office (ICO), organisations need to demonstrate they comply with GDPR by putting into place "comprehensive but proportionate governance measures" that protect personal data and minimise the risk of a data leak. The accountability principle will guide how you process all your customer data, and some processes that were previously just good practice will become legal requirements under GDPR. 

Types of data

GDPR focuses primarily on two types of data: personal data and sensitive personal data. Personal data is defined as any data that can identify an individual, for example, a name, an ID number, location number or online identifier. Sensitive personal data is a separate, special category which includes genetic and biometric data which could be used to uniquely identify an individual. Criminal convictions and offences aren't included in the sensitive personal data category, although other conditions apply to their processing. 

GDPR applies to both automated (electronic) data and manual records which contain data, such as paper files. Personal data that has been 'pseudonymised' (given additional protection, such as key-coding) can also come under GDPR jurisdiction. Identify which type of data you handle - it could be both- and familiarise yourself and your teams with the GDPR requirements of that category. 

Basis for processing

Basis for processing is another very important aspect of GDPR that will heavily influence how you handle data. GDPR stipulates that every organisation needs a valid, lawful reason for processing personal data. This reflects the current Data Protection Act which also says that certain 'conditions for processing' need to be satisfied for data to be processed. GDPR recognises six lawful reasons for processing. These are:

  • Consent
  • Contract
  • Legal obligations
  • Vital interests
  • Public tasks
  • Legitimate interests

For every bit of data processed you must decide which lawful basis applies. This should be established before processing the data, and you should think carefully as it is bad practice to change the lawful basis later. To process 'special category' data (data that GDPR classes as more sensitive and in need of more protection), you must have both a lawful basis and satisfy an additional GDPR condition.

Consent

Gaining consent from data subjects in a way that meets certain criteria is a very important part of GDPR. Individuals must be given choice and control over, firstly, if their data is used, and secondly, how it is used. For example, people can opt-in to receive emails to a greater or lesser extent or choose not to receive emails at all. GDPR does not allow pre-ticked consent boxes or other methods of 'consent by default'; a 'positive opt-in' from every individual is required. Organisations should also make it clear how to withdraw or refuse consent and make this an equally easy process. For additional clarity and transparency, consent requests and information should be kept separate to other website terms and conditions. 

The revised regulations around consent actually present businesses and other organisations with a great opportunity to enhance their reputation and strengthen their relationship with customers, clients, employees or members. Businesses, for example, will benefit from positive opt-in because the result will be a more engaged and receptive email marketing list made up of potential customers who have deliberately chosen to receive marketing communications.

The first step in making sure your consent processes are compliant is to review them. If they don't meet the new standards, making the changes outlined above is a good first step towards GDPR compliance regarding consent.

Data subjects' rights

GDPR grants certain rights to data subjects to help protect their privacy and data. All data subjects have the following rights:

  • The right to be informed - individuals have the right to be informed about the collection and use of their personal data
  • The right of access - individuals have the right to access their personal data and supplementary information
  • The right to rectification - individuals have the right to have inaccurate personal data rectified or completed if it is incomplete
  • The right to erasure - individuals have the right to have personal data erased
  • The right to restrict processing - individuals have the right to request restriction of their personal data
  • The right to data portability - individuals have the right to obtain and reuse their personal data for their own purposes
  • The right to object - individuals have the right to object to processing of their data for certain purposes and direct marketing
  • Rights related to automated decision making and profiling - GDPR has provisions on automated individual decision making and profiling

These rights will influence all your data processing activity. More information on data subjects' rights can be found here.

The principles above will undoubtedly have an impact on how you handle data, and while they may seem overwhelming at first, a few simple changes can help your organisation demonstrate a desire to be GDPR-compliant. If you would like further information on GDPR and how Core can help your organisation, contact us today. From free GDPR events to a full compliancy assessment and report, we can put you on the path to GDPR compliance. Core has also created a GDPR checklist and guide to help your organisation establish how compliant you are at present, quickly and easily. This checklist can be shared throughout your organisation and will help you identify gaps in your current data protection procedures which need addressing to demonstrate compliancy. Get your free GDPR checklist here:

 

 

 

 

 

 

 

avatar

Lucy Wright

My name is Lucy and this is my author bio.