Countdown to GDPR
Written by Bradleigh Bishop on 26/01/2018
GDPR (or General Data Protection Regulation) comes into force on 25th May 2018, meaning that as of this week, there are only four months to go. That might seem like a long time to some, but with GDPR bringing fundamental changes to the principles behind data protection, it pays to get your GDPR compliance sorted sooner rather than later.
What do businesses need to be aware of?
As you might expect, the new rules in full run to many, many pages, but the interesting new points (or at least, the new points that are likely to catch people out) are focussed around rights and consent. Data subjects (that’s people about whom you hold personal data) have more rights on how their data can and cannot be used, whilst the new rules on consent mean every company has to be upfront about how they use personal data. Other interesting points include:
- Mandatory breach notifications - you must tell the relevant authorities if you’re breached (this is usually where the big-figure fine headlines come from)
- The right to access – you must have a framework in place to be able to inform data subjects on how you’re processing their data
- The right to be forgotten - provided certain conditions are met, organisations must be able to delete all data they hold about a data subject upon their request
- Data Protection Officer - the ICO recommend appointing a Data Protection Officer, and for some organisations GDPR says it's a mandatory requirement
Changes? Yes. Worry? No.
GDPR was signed into law as of 2016, and the last two years have been a grace period to allow everyone to get up-to-scratch. This means that come the 25th of May, there’ll be no excuses. There have been a lot of scare stories in the media, with astronomical fines grabbing headlines, but the truth is (thankfully) far more rational and balanced. The ICO themselves have published a blog about some of the myths surrounding GDPR. The good news is that they’re not there to start dishing out fines come 00:01 on the 25th May – they’ve made it very clear that their priority is for everyone to have good standards of data security, not to slap fines on huge organisations from day one. That said, it’s every organisation’s duty to take GDPR seriously and make changes to their business where appropriate.
You're not alone
If you’re struggling to interpret the new legislation or aren’t sure what applies to your business, you’re not alone! We’ve already worked with many organisations that found it challenging to unpick the new rules and regulations, and a different challenge altogether to adjust their business processes and practices. There are many companies out there offering GDPR support, so do your homework and look for a company that uses Certified GDPR Practitioners. Bulletproof ourselves offer GDPR Gap Assessments, follow-on implementation consultancy and even an Outsourced DPO service to help organisations get ahead.