WHAT IS THE GDPR?
The General Data Protection Regulation (GDPR) is a new EU law that will replace (in the UK) the Data Protection Act 1998.
WHO DOES THE GDPR APPLY TO?
The GDPR applies to almost any organisation that ‘processes’ (deals with) personal data in any Member State of the EU (and will continue to apply in the UK after Brexit), but its reach is far wider: any organisation anywhere in the world that provides goods or services to people in the EU will have to comply.
WHAT DOES THE GDPR DO?
The GDPR protects the ‘personal data’ of people (‘natural persons’). ‘Personal data’ is information relating to an identified or identifiable natural person (a ‘data subject’).
SHOULD I CARE?
The new accountability principle in Article 5(2) requires you to demonstrate that you comply with the principles and states explicitly that this is your responsibility. Our easy-to-use portal will allow you to quickly identify current business risks to help with this compliance.
- Proprietary easy-to-use Portal with up to sixty insightful questions broken into logical sections
- Data protection compliance assessment
- Information Security assessment
- Data Sharing & Subject Access assessment
- Records Management appraisal
- Direct Marketing practical measures
- Fully reviewed by a UK Data Protection Solicitor
- ‘RAG’ Status Report detailing required actions
- Identify current compliance failures and immediate risks to your business
- ‘Gap’ analysis between what you are doing now and the requirements of the GDPR (identifying the scale of the challenge you are facing, and therefore making it easier to accurately assess the time, resources and costs that will need to be set aside and budgeted for)
- Which parts of the GDPR will have the greatest impact on your organisation, and so what to give priority to in your GDPR planning process
DOES IT APPLY TO US?
‘Controllers’ and ‘Processors’ of data need to abide by the GDPR.
It doesn’t matter if controllers and processors are based outside the EU. The GDPR will still apply to them if they’re dealing with data belonging to EU residents.
It’s the controller’s responsibility to ensure their processor abides by data protection law. Processors must abide by the rules and maintain records of their processing activities. If a data breach involves the processor, they are far more liable under GDPR than they were under the Data Protection Act.
WHAT IS PERSONAL DATA UNDER THE GDPR?
The EU has substantially expanded the definition of personal data under the GDPR. To reflect the types of data that organisations now collect about people, online identifiers such as IP addresses now qualify as personal data. Other types of data are now also considered personally identifiable. Information such as:
- Mental health details
Pseudonymised personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is.
Anything that counted as personal data under the Data Protection Act also qualifies as personal data under the GDPR.
WHY YOU MUST NOT IGNORE GDPR
If you don’t follow the basic principles for processing data, such as consent, ignore individuals’ rights over their data, or transfer data to another country, you will be subject to fines. Your data protection authority could issue a penalty of up to €20 million or 4% of your global annual turnover, whichever is greater.
WHY CHOOSE US
We are delighted to have partnered with a Cyber Security company that has combined its global information & cyber security experience with a dedicated in-house GDPR team led by a Data Protection Lawyer with over 30 years’ experience. This allows us to provide you with a unique and comprehensive GDPR solution.