GDPR from First Solution
What is General Data Protection Regulation (GDPR)?
After four years of preparation and debate, the GDPR (Regulation (EU) 2016/679) was approved by the EU Parliament on 14th April 2016. It applies from 25th May 2018, the date from which supervisory authorities can enforce it and non-compliant businesses face heavy fines.
After Brexit, does GDPR still apply?
If you process data about individuals in the context of offering goods or services to people in other EU countries, or monitor their behaviour, you will need to comply with GDPR irrespective of whether the UK retains GDPR legislation post Brexit, because the Regulation applies to processing of EU residents' data wherever the controller or processor is established. If your activities are limited to the UK, then the position (after the initial exit period) is much less clear. The UK Government has indicated it will implement an equivalent or alternative legal mechanism. Our expectation is that any such legislation will largely follow GDPR, given the support previously given to the GDPR by the ICO and the UK Government as an effective privacy standard, together with the fact that the GDPR provides a clear baseline against which UK businesses can seek continued access to the EU digital market.
What are the penalties for non-compliance?
Organisations can be fined up to 4% of annual global turnover or €20 million, whichever is greater, for the most serious infringements, e.g. processing without a valid legal basis such as sufficient consent, or violating the data subjects' rights and the core Privacy by Design principles. Fines are tiered: a lower tier of up to 2% of annual global turnover or €10 million applies to infringements such as not keeping records of processing in order (Article 30), not notifying the supervisory authority and data subjects about a breach (Articles 33 and 34), or not conducting a data protection impact assessment where one is required (Article 35). It is important to note that these obligations and fines apply to both controllers and processors, so cloud and hosting providers will not be exempt from GDPR enforcement.
What constitutes personal data?
Any information relating to an identified or identifiable natural person (the 'Data Subject'), i.e. information that can be used to identify the person directly or indirectly. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites or medical information, through to online identifiers such as a computer's IP address or a cookie identifier.
Does my business need to appoint a Data Protection Officer (DPO)?
A DPO must be appointed by (a) public authorities and bodies, (b) organisations whose core activities involve regular and systematic monitoring of individuals on a large scale, or (c) organisations whose core activities involve large-scale processing of special categories of data (such as health, biometric or religious data) or data relating to criminal convictions (Art. 37). If your organisation does not fall into one of these categories then GDPR itself does not require a DPO, although Member State law may add further cases, and you can still appoint one voluntarily; if you do, the same duties and protections apply to the role.
How does GDPR affect policy surrounding data breaches?
The GDPR provisions on data breaches primarily concern the notification duties of organisations that have been breached. A personal data breach must be notified to the supervisory authority (the ICO in the UK) within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals (Art. 33). Where the breach is likely to result in a high risk to individuals' rights and freedoms, the affected individuals must also be told without undue delay (Art. 34). Processors must notify the controller without undue delay, and every breach, notified or not, should be recorded internally so that compliance can be demonstrated.
How First Solution can help.
As a true GDPR Solutions Provider, we offer a Risk Intelligence service which scans your network to find and assess the Personally Identifiable Information (PII) stored across it, including in hard-to-find persistent storage. This is particularly helpful for data mapping exercises and for prioritising your security efforts, because it locates unsecured PII that could pose a risk.
Our Managed Backup and Recovery service mitigates the impact of ransomware and other cyberattacks by letting you restore data rather than pay or lose it. Businesses can't afford to lose individuals' data, and the GDPR security requirements (Art. 32) include the ability to restore the availability of and access to personal data in a timely manner after an incident. As a GDPR Solutions Provider, our Managed Backup and Recovery service is designed to provide fast backup, rapid recovery and secure storage, all via a hybrid cloud architecture.
Personal information is often shared by email. Office 365 provides email security and encryption features to help you manage this channel. It also includes an email archive, so you can locate a customer's emails when you need to answer a data subject access request or a request for erasure.
Our Remote Monitoring and Management service gives you the tools you need to monitor your business from a single web-based dashboard. It integrates Risk Intelligence with security controls such as antivirus, web protection and content filtering, mail protection, user permission controls, logging, and hybrid cloud backup and recovery.
At First Solution, we believe less is more. By consolidating and simplifying your business IT infrastructure and operations, we reduce both complexity and risk at the same time. We achieve this simplification by auditing your entire IT estate, then architecting a highly secure and scalable cloud-based solution powered by the Microsoft Cloud. The agility of cloud-based solutions allows your business to consume workloads as services, such as email through Microsoft Office 365. Our goal is to avoid vendor lock-in and provide cost transparency (utilisation billing per user, per workload, per month). We manage the complete technology stack so that you can focus on delighting your customers.
We provide all of our services with a single monthly bill, whilst taking complete responsibility to manage the complexity of your IT estate. Our Managed Services include a 24/7/365 Network Operations Centre (NOC), a 24/7/365 Security Operations Centre (SOC) and a 24/7/365 Help Desk consistently closing over 70% of tickets on the first call with over 650 highly qualified people and mature operational processes. Our integrated Remote Monitoring and Management solution automatically tracks serial numbers, software, and infrastructure components using intelligent self-healing technology.
Ready to become GDPR compliant?
We've created a handy 12-page guide for those who have been given responsibility for complying with the EU General Data Protection Regulation (GDPR), or who are asked to contribute to that work.