Countdown to GDPR

Written by Bradleigh Bishop on 26/01/2018


GDPR (or General Data Protection Regulation) comes into force on 25th May 2018, meaning that as of this week, there are only four months to go. That might seem like a long time to some, but with GDPR bringing fundamental changes to the principles behind data protection, it pays to get your GDPR compliance sorted sooner rather than later.

What do businesses need to be aware of?

As you might expect, the new rules in full run to many, many pages, but the interesting new points (or at least, the new points that are likely to catch people out) are focussed around rights and consent. Data subjects (that’s people about whom you hold personal data) have more rights over how their data can and cannot be used, whilst the new rules on consent mean every company has to be upfront about how they use personal data. Other interesting points include:

  • Mandatory breach notifications – you must tell the relevant authorities if you’re breached (this is usually where the big-figure fine headlines come from)
  • The right to access – you must have a framework in place to be able to inform data subjects on how you’re processing their data
  • The right to be forgotten – provided certain conditions are met, organisations must be able to delete all data they hold about a data subject upon their request
  • Data Protection Officer – the ICO recommends appointing a Data Protection Officer, and for some organisations GDPR makes it a mandatory requirement

There’s a good chance you’re doing a lot of GDPR already, so some changes might be as simple as updating your Privacy Policy to make data subjects aware. Other changes though will undoubtedly need more work.

Changes? Yes. Worry? No.

GDPR was signed into law in 2016, and the last two years have been a grace period to allow everyone to get up to scratch. This means that come the 25th of May, there’ll be no excuses. There have been a lot of scare stories in the media, with astronomical fines grabbing headlines, but the truth is (thankfully) far more rational and balanced. The ICO themselves have published a blog about some of the myths surrounding GDPR. The good news is that they’re not there to start dishing out fines come 00:01 on the 25th May – they’ve made it very clear that their priority is for everyone to have good standards of data security, not to slap fines on huge organisations from day one. That said, it’s every organisation’s duty to take GDPR seriously and make changes to their business where appropriate.

You're not alone

If you’re struggling to interpret the new legislation or aren’t sure what applies to your business, you’re not alone! We’ve already worked with many organisations that found it challenging to unpick the new rules and regulations, and a different challenge altogether to adjust their business processes and practices. There are many companies out there offering GDPR support, so do your homework and look for a company that uses Certified GDPR Practitioners. Bulletproof ourselves offer GDPR Gap Assessments, follow-on implementation consultancy and even an Outsourced DPO service to help organisations get ahead.

  • Bulletproof are CREST approved
  • Bulletproof are ISO 27001 and 9001 certified
  • Bulletproof are Tigerscheme qualified testers
  • Bulletproof are a PCI DSS v3.2 Level 1 service provider
  • Bulletproof have a 24/7 on-site Security Operations Centre
