In 1998, the Data Protection Act was passed by Parliament to control the way information is handled and to give legal rights to people who have information stored about them.
The act was passed in an era before the birth of social media, the evolution of broadband and the adoption of handheld technology. No wonder it’s out of date and unfit for purpose, especially when we consider the level of personal information we share on social media, and the access brands and businesses have to this on a daily basis.
The new regulation is a comprehensive uplift on the 1998 Data Protection Act, and is aimed at harmonising data protection throughout the EU. GDPR places far more emphasis on the individual being able to control their own personal data, ensures that consent is much clearer, and holds companies accountable for the personal data they hold.
GDPR readiness assessment
The GDPR places a number of responsibilities on companies that control and process personal data, including:
- Putting organisational and technical measures in place to demonstrate compliance.
- Making data protection and information security a board-level issue.
- Implementing robust and “state-of-the-art” cybersecurity solutions and reviews.
- A focus on transparency and consent as a basis for collecting and processing personal data.
- Providing enhanced rights for data subjects, including the right to be forgotten.
- More stringent rules around detecting and communicating data breaches to both individuals and the authorities.
What you can do to prepare
Organisations that hold personal data should be preparing for GDPR now. Some of the processes, schemes and standards to implement in preparation include:
- Risk and impact assessments for data protection.
- The government-backed Cyber Essentials scheme.
- Recruitment and training of personnel in preparation for GDPR.
- Audits of existing data: where it is held and who owns it.
- Review of previous consent to see if fresh consent is required under GDPR.
- Updating of privacy policies and online contact forms to comply with the regulation.
What we can do to help
We can also assess your organisation for GDPR readiness. We offer a range of consultancy and technical services to ensure the confidentiality, integrity and availability of your data, and to help you prepare for the forthcoming changes in data protection law.
GDPR can sound daunting. Our consultants will hold your hand through the process, help you every step of the way and take the hard work out of compliance.