GDPR - General Data Protection Regulation
The law on data protection is changing in May 2018, as the UK has chosen to adopt the EU legislation (EU) 2016/679, the GDPR. These changes introduce a number of things that businesses need to be aware of, the most important being:
The ICO (Information Commissioner's Office) is set to become the Supervisory Authority
What this means is that the ICO is responsible for policing the scheme and ensuring businesses are compliant. It has the ability to spot check and fine you, even if you haven't had a data breach, if your internal systems are not up to a certain level and personal data is deemed to be at risk.
Large fines and penalties are on the horizon, such as 2% of global turnover for internal systems not being compliant and 4% of global turnover for a data breach.
The definition of Personal Data is changing
Individuals get more rights including:
- Right to information
- Right to access
- Right to rectification
- Right to be forgotten
- Right to restriction of processing
- Right to notification
- Right to portability
- Right to object
- Right to appropriate decision making
Questions to ask of your business:
- Can you remove all data from your systems for a particular individual easily if they ask to be forgotten?
- Have you considered what personal data you store in your backups?
- How long do you keep client data on your systems?
The IASME Standard has been specifically designed to help businesses become GDPR Ready and to start people thinking the right way about how they manage personal data. ITWiser is an IASME Standard Assessor and is able to help you through the process. If you would like more information on the IASME Standard or GDPR, please get in touch today to see how we can help you.