What is GDPR?
General Data Protection Regulation (GDPR) is new EU legislation which governs how personal data is obtained, processed, used and shared by organisations of every kind, from global businesses to public authorities. GDPR replaces the Data Protection Act 1998 in the UK and is designed to protect the privacy of data subjects (people).
GDPR also applies to companies located outside of the EU that possess the data of EU citizens, perhaps through selling products or services into the EU. This means its impact will be felt around the world. In fact, it has been called the most important change in data privacy laws for 20 years.
How is GDPR different to current data protection laws?
Many aspects of GDPR are similar to the Data Protection Act (DPA), but there are some changes and new additions. For this reason, organisations need to thoroughly understand the principles of GDPR and not simply expect it to silently replace the DPA. Organisations that possess and process data but cannot demonstrate efforts to comply with GDPR could be fined. Fines are capped at 17 million euros or 4% of annual turnover, considerably more than the £500,000 maximum fine allowed under the Data Protection Act. The Information Commissioner’s Office (ICO) is the body responsible for enforcing GDPR in the United Kingdom. It has stressed that, while fines are possible, particularly in the event of a serious data breach, they will not be automatically imposed on non-compliant companies. Rather, organisations should be more concerned with the damage to their reputation that non-compliance could bring.
The stringent rules of GDPR will benefit not just data subjects but businesses, too. Compliance should, in theory, result in fewer data breaches, better security of personal data, stricter rules around data sharing and better-quality data for businesses, leading to more targeted direct marketing.
For organisations in the early stages of reviewing their data protection procedures, there are a number of simple first steps which can be taken today to kick-start your compliance; it’s not too late! However, it is generally agreed that, whether your data protection policies are watertight or you suspect you have a lot of work to do, you should bring in an expert to advise your organisation on GDPR compliance. This could be an external agency or an in-house Data Protection Officer. Whichever route you choose, consulting a GDPR expert will mean you receive the most current professional advice, including the legal implications and repercussions of GDPR. Handling data correctly is too important to leave to chance.
How can Core help with GDPR?
Core offer two services which can help your organisation become compliant with GDPR. The first is our GDPR Compliancy Assessment. In this five-stage process, Core will conduct a comprehensive gap analysis at your organisation to identify the areas which need improving in order to adhere to GDPR legislation. We will produce a detailed report of the engagement containing a review of the findings, our recommendations and the costs of implementing them. Alternatively, or in addition to this, your organisation can take advantage of our Managed Services offering and allow us to store your data securely in the cloud. A cloud-based data solution such as Microsoft Office 365 has some of the most robust data security technology in the world. GDPR-compliant measures that meet the security and threat protection requirements of GDPR are already in place, so you don’t have to worry about a data breach or how secure your data is. Using a cloud-hosting solution also means your software will be updated on an ongoing basis by Core, so you will always have the most up-to-date technology on your side.
If you could use an extra helping hand on your path to GDPR compliancy, download Core’s free GDPR checklist. It can help your organisation establish how compliant your current data protection procedures are and identify the gaps in your processes which need addressing in order to become compliant.