Author Gary Hibberd
On May 25th 2018, something monumental happens: the current Data Protection Act is repealed and a new regulation comes into force, the General Data Protection Regulation (GDPR).
If you aren’t aware of what the new regulation is, let me summarise it for you:
Top 10 GDPR Facts
- It’s the biggest shake-up of rules surrounding Data Protection since 1998.
- It’s a regulation that is relevant to EVERY organisation, irrespective of size or sector
- If you get it wrong you could face fines of up to 20 million Euros
- Brexit won’t affect it!
- Accountability is at the heart of the regulation
- You will need to seek ‘Consent’ to control/process the data you hold
- You can’t “outsource” the requirements (Data Controllers AND Processors will be impacted)
- You need to have a clear process for managing data breach incidents
- You’ll need to decide who your Data Protection Officer is – and it probably can’t be you!
- You will need to act
Those are just the headlines: some of the more important aspects that, by way of introduction, I think you need to be aware of.
Why the change is important
With the increase in data breaches reported in 2016, it should be no surprise that there is a need for greater data protection in our increasingly interconnected world. The changes are important because they place ‘Accountability’ across the regulation’s principles, meaning that if a company is found to be negligent in its management (or mismanagement) of data protection, then someone will be held accountable.
The Information Commissioner’s Office (ICO) in the UK has said that the coming changes place responsibility for protecting UK citizens’ information squarely at the feet of every organisation which holds that information.
If you run a business or organisation of any size that requires you to access PII, from employees to customers and clients, then GDPR is important to you.
Come 25th May 2018, you may be held accountable (personally) for any breach which occurs. Come 2018, ignorance will not be an excuse.
We would love to help you, ask for Gary:
Agenci are responsible for protecting businesses from cyber threats, cyber-attacks, internal threats and business outages. Agenci are committed to helping businesses prepare for the GDPR and to putting in controls (such as ISO 27001) to prevent data breaches and cyber incidents from occurring.