For some time, it’s been argued that data laws need to be
changed and improved to keep up with an increasingly digitalised world, so
after 4 years of preparation and debate, GDPR was approved by the EU Parliament
in April 2016.
The General Data Protection Regulation (GDPR) will be
enforced across Europe, including the UK, on May 25th, 2018. For
citizens, the law will provide more control over their personal data and create
a number of new rights, measures businesses need to adopt, and mandatory data
The Key Changes
All companies, regardless of whether they are located in the
EU or not, must be compliant when processing the personal data of citizens
residing in the EU.
Organisations must report a data breach to the Information
Commissioner's Office (ICO) within 72 hours of becoming aware of it. If they
choose not to report it, or are found to have ignored principles of GDPR, they
could face fines of up to €20 million or 4% of their group annual global
turnover (whichever is higher).
The conditions for consent have been strengthened. Companies
will no longer be able to use long terms and conditions full of legalese. The
request for data/consent must be given in a clear, easily accessible form and
it must be as easy for citizens to withdraw consent as it is to give it.
Citizens have the right to know whether their personal data is
being processed, where, and for what purpose. If requested, the controller will
have to provide a copy of the personal data, free of charge. Citizens can also
demand their data is deleted if it’s no longer necessary for an organisation to
You may need to employ a data protection officer if your
organisation's core activities involve data processing or monitoring individuals
on a large scale.
If you’re unsure of where to start with GDPR, Xuper can
provide a GDPR audit. An audit can take around 4/5 months but could be vital in
your business achieving compliance. It will start by looking at your current
processes for handling data, what data you hold, how you collect and store it,
and identify any security gaps in your systems.
By achieving GDPR compliance, you have a huge advantage over
competitors who haven’t. Data breaches will be much harder to cover up and news
of them is likely to travel much faster; this, along with huge fines, could dramatically
damage a company’s finances and reputation.
If businesses take the opportunity to represent themselves
to customers as responsible and secure with handling data, it can only improve
Xuper are a global IT support company located on Wyvern
Business Park, Derby. We can provide a range of cyber and network security
measures to assist you before GDPR. Some of these include a GDPR audit, risk
and vulnerability testing, security improvement plans, penetration testing,
managed security services, and more.
If you would like to book a GDPR audit or speak to one of
our experts, you can contact us on 01332 362 481 or visit our website www.xuper.co.uk