What is General Data Protection Regulation (GDPR)?
After four years of preparation and debate within the EU Parliament, GDPR legislation was finally approved on 14th April 2016 and on 25th May 2018 enforcement will begin, at which time non-compliant businesses will face heavy fines.
After Brexit, does GDPR still apply?
If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with GDPR, irrespective as to whether or not the UK retains GDPR legislation post Brexit. If your activities are limited to the UK, then the position (after the initial exit period) is much less clear. The UK Government has indicated it will implement an equivalent or alternative legal mechanisms. Our expectation is that any such legislation will largely follow GDPR, given the support previously provided to the GDPR by the ICO and UK Government as an effective privacy standard, together with the fact that the GDPR provides a clear baseline against which UK business can seek continued access to the EU digital market.
What are the penalties for non-compliance?
Organisations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.
What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Does my business need to appoint a Data Protection Officer (DPO)?
DPOs must be appointed in the case of: (a) public authorities, (b) organisations that engage in large scale systematic monitoring, or (c) organisations that engage in large scale processing of sensitive personal data (Art. 37). If your organisation doesn’t fall into one of these categories, then you do not need to appoint a DPO.
How does GDPR affect policy surrounding data breaches?
Proposed regulations surrounding data breaches primarily relate to the notification policies of companies that have been breached. Data breaches which may pose a risk to individuals must be notified to the DPA within 72 hours and to affected individuals without undue delay.
How First Solution can help.
As a true GDPR Solutions Provider, we offer a Risk Intelligence which can scan any network and help to assess the Personally Identifiable Information (PII) located throughout the network (even in hard to find persistent storage). This can be particularly helpful for data mapping exercises and prioritising your security efforts by locating any unsecured PII that could pose a risk.
Our Managed Backup and Recovery service mitigates the threat of ransomware and cyberattacks. Businesses can’t afford to lose individuals’ data. As a GDPR Solutions Provider our Managed Backup and Recovery service is designed to provide fast backup, rapid recovery, and secure storage, all via a hybrid cloud architecture.
Personal information often gets shared using email. Office 365 provides strong email security and encryption to help you manage this channel. Additionally, it includes an email archive, so you always have access to customers’ emails in the event you need to answer a request.
Our Remote Monitoring and Management service gives you the tools you need to monitor your business in a single web based dashboard. It includes integrated Risk Intelligence, like antivirus, web protection and content filtering, mail protection, user permission controls, logs, and hybrid cloud backup and recovery.
As your business evolves, so do your systems, infrastructure, and the skills of your people. Our Proactive IT Support Services provide a wide range of IT support, including IT staff training, health and risk assessments, and best practices. Our support services IT focused approach helps you identify and address potential issues and risks up-front to make sure that your IT systems are healthy and stay that way with Proactive IT Support.
Our Proactive Services are available for our clients. Many of our clients environment's are dependent on applications and developers who innovate on the Microsoft platform. We connect you with deep expertise around Microsoft development technologies. Proactive Services are available for on premise, in the cloud or hybrid solutions. Many of our services are optimised to assist your IT team in migration and support in complex transitional environments and solutions.
Why Work With Us
24/7 IT Support
World class Service Desk with 85% of tickets solved on first response.
Strategic IT Partner
IT strategy and roadmap development using industry leading consultancy processes.
ISO 27001 and Cyber Essentials plus certified.
Next generation Cyber Security managed services delivered by our 24/7 Security Operations Centre.
Office 365 and Azure
Experts in driving businesses to the Modern Workplace.
Delivering competitive advantage through the use of technology.