GDPR from First Solution
…helping realise your desired business outcomes.
What is General Data Protection Regulation (GDPR)?
After four years of preparation and debate within the EU Parliament, GDPR legislation was finally approved on 14th April 2016 and on 25th May 2018 enforcement will begin, at which time non-compliant businesses will face heavy fines.
After Brexit, does GDPR still apply?
If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with GDPR, irrespective of whether or not the UK retains GDPR legislation post Brexit. If your activities are limited to the UK, then the position (after the initial exit period) is much less clear. The UK Government has indicated it will implement an equivalent or alternative legal mechanism. Our expectation is that any such legislation will largely follow GDPR, given the support previously provided to the GDPR by the ICO and UK Government as an effective privacy standard, together with the fact that the GDPR provides a clear baseline against which UK business can seek continued access to the EU digital market.
What are the penalties for non-compliance?
Organisations can be fined up to 4% of annual global turnover or €20 million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements, e.g. not having sufficient customer consent to process data or violating the core of the Privacy by Design concepts. There is a tiered approach to fines, e.g. a company can be fined 2% for not having their records in order (Article 28), not notifying the supervising authority and data subject about a breach, or not conducting an impact assessment. It is important to note that these rules apply to both controllers and processors, meaning 'clouds' will not be exempt from GDPR enforcement.
What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Does my business need to appoint a Data Protection Officer (DPO)?
DPOs must be appointed in the case of: (a) public authorities, (b) organisations that engage in large-scale systematic monitoring, or (c) organisations that engage in large-scale processing of sensitive personal data (Art. 37). If your organisation doesn't fall into one of these categories, then you do not need to appoint a DPO.
How does GDPR affect policy surrounding data breaches?
Proposed regulations surrounding data breaches primarily relate to the notification policies of companies that have been breached. Data breaches which may pose a risk to individuals must be notified to the DPA within 72 hours and to affected individuals without undue delay.
How First Solution can help
As an industry thought leader, we're preparing a suite of GDPR-compliant managed services which take the thought and worry out of your business's compliance requirements. Keep checking back or join our mailing list for further updates.
At First Solution, we believe less is more. By consolidating and simplifying your business IT infrastructure and operations, we simultaneously reduce both complexity and risk. We achieve this simplification by auditing your entire IT estate, then architecting a highly secure and scalable cloud-based solution powered by Cisco Meraki and the Microsoft Cloud. The agility provided by cloud-based solutions allows your business to consume workloads as services, such as email with the Microsoft Office 365 service. Our goal is to avoid manufacturer lock-in and provide cost transparency (utilisation billing per user, per workload, per month). We manage the complete technology stack so that you can focus on delighting your customers.
We provide all of our services with a single monthly bill, whilst taking complete responsibility for managing the complexity of your IT estate. Our Managed Services include a 24/7/365 Network Operations Centre (NOC), a 24/7/365 Security Operations Centre (SOC) and a 24/7/365 Help Desk, consistently closing over 70% of tickets on the first call with over 650 highly qualified people and mature operational processes. Our integrated Remote Monitoring and Management solution automatically tracks serial numbers, software and infrastructure components using intelligent self-healing technology.
Ready to improve your cyber security posture?
Get started with a free and comprehensive cyber security audit. By simplifying your IT infrastructure we reduce complexity and free resources to focus on improving the customer experience.