General Data Protection Regulation - May 25 2018

General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. The compliance deadline for GDPR is May 25 2018.

Organisations need to put in place technical and organisational measures to demonstrate their compliance with GDPR, meaning new policies, controls and procedures will need to be developed.

The primary objective of the GDPR is to give citizens back control of their personal data. Once GDPR takes effect it will harmonize previous and other data protection regulations throughout the EU. 

GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU.

There are two different types of data-handlers the legislation applies to: 'processors' and 'controllers.'

A controller is a "person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing of personal data", while a processor is a "person, public authority, agency or other body which processes personal data on behalf of the controller". A controller will need to ensure that all contractual obligations with a processor are compliant with GDPR, whereas a processor will have more legal liability if they are responsible for a breach.

Under the terms of GDPR, not only will organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners - or face penalties for not doing so.

Under GDPR, if your organization suffers a data breach, the following may apply depending on the severity of the breach:

  • Your organization must notify the local data protection authority, and potentially the owners of the breached records, within 72 hours
  • Your organization could be fined up to 4% of global turnover or €20 million for non-compliance with GDPR requirements

The UK Government Cyber Essentials Certification and IASME Standard are a great first step in achieving compliance.


Cyber Essentials can already mitigate ICO fines if a company suffers a breach. Cyber Essentials certification is evidence that you have carried out basic steps towards protecting your business and your data from internet-based cyber attacks.


By certifying to the IASME governance standard including its specific GDPR questions, you show your organisation has a wider governance system for management of the controls protecting personal data. The IASME governance standard adds a number of topics to Cyber Essentials which will be required for GDPR compliance, such as assessing business risks, training staff, dealing with incidents and handling operational issues.


If you want to know more about Cyber Essentials and IASME Governance, including the GDPR-specific assessment questions, and to see how these standards can help support you, please contact our cyber security team on 0345 305 4118.

Preparing for GDPR

Helping you to achieve compliance

Taking the complexity out of GDPR

  • Certified EU GDPR Foundation Qualified Practitioners
  • CESG CCP accredited security team to Senior Practitioner Level
  • UK Government IASME-accredited Cyber Essentials Plus Certification Body
  • Holding over 40 different accreditations in 20 specialist technology areas
  • Industry leading Security Operations Centre
  • Extensive Multi Sector Experience

Offering flexible tailored GDPR compliance services:

  • GDPR Readiness Assessments
  • GDPR Training and Awareness
  • GDPR Policy and Procedure Development
  • Data Protection Services
  • Cyber Security Solutions
  • Cyber Essentials and IASME Certification
  • Incident Response and Breach Management

The General Data Protection Regulation (GDPR) is the biggest change to data protection law in a generation.

If your business isn’t prepared, you’re leaving yourself open to enforcement action that can damage both your public reputation and bank balance.

Elizabeth Denham, UK Information Commissioner
Key GDPR facts at a glance:

  • May 25, 2018: GDPR commencement date
  • 4% of turnover: maximum penalty for non-compliance
  • 72 hours: time to notify once a breach has occurred
Copyright © 2017 Capital Network Solutions