GDPR (General Data Protection Regulation)
From May 2018
GDPR compliance became a legal requirement for all EU-based companies and all non-EU companies whose business activities involve holding or processing data about EU citizens. Companies are required to give data subjects greater control over what personal information is held and what that data can be used for.
One Law for All
Even organisations not based in the EU have to comply if they process or control data about EU citizens, and the UK has kept most of the requirements of GDPR even after leaving the EU. GDPR substantially increases the fines that can be imposed when there is a data breach. Under the Data Protection Act (1998) the maximum fine for a breach was £500,000. Under GDPR this rose to €20,000,000 or 4% of the organisation’s global annual turnover, whichever is greater.
The new EU data protection regime extends the scope of EU data protection law to all foreign companies processing data of EU residents.
But my company is not in the EU?
GDPR affects all businesses offering any type of service to the EU market, regardless of whether your business stores or processes data on EU soil.
The UK has retained GDPR post-Brexit. As part of the Brexit process, existing EU laws in force in the UK were converted into full UK laws. That, effectively, means that the EU’s General Data Protection Regulation, or GDPR, is law in the UK too.
In addition, GDPR:
- presents a substantial learning curve;
- requires privacy by design;
- introduces the right to be forgotten;
- widens the definition of personal data.
How we can help you
While there is no official certification of GDPR compliance, you can demonstrate compliance by becoming certified in a recognised Information Security standard. For smaller businesses we would recommend Cyber Essentials or IASME, and for larger businesses ISO 27001.
We will perform a review of your business and create bespoke policies to ensure that you are compliant while meeting your business needs. We engage with every business we work with to ensure that we fully understand its individual requirements, and allow data protection to work with, and not against, your business.
We will support you through the implementation stage at whatever level you desire, from ad-hoc consulting to full planning and ownership of any actions required for implementation or any point in between. At all times we will focus on ensuring that your ISMS can be maintained over time and will continue to meet your compliance requirements.
While we will seek to ensure that your ISMS can be maintained without the need for ongoing support, we will be happy to provide support as needed to accommodate changing requirements as your business grows.
GDPR compliance provides the following benefits:
- Proven commitment to security
Your business partners, regulators, suppliers and clients will be able to see that you take data protection seriously.
- Competitive advantage
Companies which are not at least looking to ready themselves by this point may give the appearance that they do not care about data protection, and may not be ready when GDPR comes into effect.
- Public sector contracts
Independently verified GDPR compliance is likely to become mandatory for public sector suppliers.
- Protecting sensitive data
Data is one of the most valuable assets of many companies. Cyber criminals will actively target companies holding high-value data, and companies are also susceptible to data leakage, where high-value data is inadvertently disclosed. Compliance with GDPR will reduce your exposure to these threats and leave you secure in the knowledge that your data is safe.