
GDPR in your organisation – A 12 step guide to achieving compliance

From 25th May 2018, GDPR (General Data Protection Regulation) will place a greater emphasis on data controllers to be accountable for the personally identifiable information that they hold. Organisations that suffer data breaches and fail to comply with the Regulation could face fines of up to 20 million euros or 4% of global turnover – whichever is greater. GDPR gives new rights to the individual to enquire and ascertain what information is held about them and how their data is used, shifting the balance of power from the company in favour of the individual. This simple 12-step checklist will provide you with a framework to review how your information and systems collect, process and retain personal information, and how this is communicated and controlled within your business.


What is… GDPR?

GDPR is short for General Data Protection Regulation, and it’s the name of a law in the European Union (EU) that sets out to protect the rights of individuals in respect of their data.

Loosely speaking, any organisation that holds data about any resident of the EU is expected to comply.

Whether you’re a family bakery in Estonia that keeps a list of local delivery addresses, or a multinational giant headquartered outside Europe that sells globally online, GDPR applies to you.

GDPR was adopted as an EU law in April 2016, but the regulators decided to give us all plenty of time to become compliant, so the law only takes effect in May 2018.

That’s just as well, because although it’s officially just “a regulation”, GDPR runs to 11 Chapters, 99 Articles and several hundred pages of legislation.

Indeed, GDPR covers a lot more issues than many people realise.

You’ll often hear GDPR mentioned as though it were concerned mainly with mistakes – in other words, that it’s mostly about data breaches and data breach notifications.

In fact, only three of the 99 Articles actually deal with breaches, because GDPR is more of a digital privacy lifestyle guide, covering all aspects of personal data and how you use it.

Amongst other things, GDPR deals with the data you collect in the first place, how you tell people what you are going to do with it, what you actually do with it, how you store it securely, whom you allow to access it, and – the part that seems to attract the most interest and attention – what happens if you fail to comply.

Falling foul of GDPR means the possibility of a fine, and GDPR fines can go significantly higher than most laws that existed around Europe before GDPR came in.

At the very worst, GDPR penalties can go up to €20,000,000 or 4% of your global annual turnover, whichever is bigger.

Of course, the regulators aren’t compelled to impose penalties that large, and it is reasonable to assume that they won’t blindly plump for the maximum every time, so we shan’t know how big the fines are likely to be until the first few have been handed out.

In short: GDPR will standardise data protection across the EU; if you do business in Europe you almost certainly need to comply; the law may seem onerous, but in a world with as many breaches as we have had in recent years, GDPR seems like just the sort of regulation we need; and you can expect to end up in hot water if you don’t comply.

Oh, to be clear: GDPR applies in the UK, which is currently part of the EU, and will effectively apply even after the UK leaves the EU, because the government plans to pass a local law that will mirror GDPR.

For more information regarding GDPR or how to become compliant contact sales@cyboar.co.uk.

Source: Sophos