Five Things You Need To Know About The General Data Protection Regulation by Rob Hamilton

Rob Hamilton, Dynamic Edge

When it comes to data protection, it pays to keep up-to-date, especially as it has been announced that a new regulation is coming into play. Luckily there’s still time to get organised for the new regulations and make sure your company won’t in the headlines for the wrong reasons.

The new legislation has many legal firms “skilling up”, but what about the practical IT side of data protection? At Dynamic Edge, we provide services such as data audits, cookie and privacy policy reviews to help your company to get match-fit for the upcoming regulatory changes.

As IT specialists, we use our technical know-how to get your business ready, from your corporate website to your computers, your network to your cloud storage, servers to databases, we make sure your business is technically compliant.

Our initial technical General Data Protection Regulation audit produces a report which details the work required to make sure you technically comply.

1) What is it? The General Data Protection Regulation (GDPR) is an EU-wide regulation on how businesses handle personal data. Personal data is defined as any data held that can identify an individual. This includes staff records, customer databases, CCTV and many other types of data. It will give people stronger rights to be informed about how their personal information is used and create more of a data protection culture in the UK. But it means that companies have to change the way they store information about their clients, consumers and staff.

2) When does it come into affect? On the 25th of May 2018. In a year’s time a major regulatory change will apply to all businesses in EU member states, including the UK. The new regulation will replace the 1998 Data Protection Act and fundamentally change the way companies deal with your personal data, and penalties for non-compliance will be severe.

3) How does it affect your business? GDPR has wide-ranging effects for all businesses. From 25th May 2018, companies must collect data lawfully and for a specific, stated purpose. Data must only be held for the time in which it will be used, and anyone who has data held has the “right to be forgotten” — or in other words, their data permanently deleted within a defined period.

4) How does your business comply? To be fully compliant with GDPR, companies are advised to thoroughly audit any data they hold, and the processes used for collecting and processing that data. Almost all businesses in the EU will need to take some form of action, even if it is just updating their online privacy policy on their website.

5) What are the penalties for non-compliance? The Information Commissioner’s Office has set some severe penalties for non-compliance with GDPR. Companies who are found to have not acted soon enough on a data breach, or who show misconduct in their data processing are liable for fines up to an astonishing €20 million, or four percent of global annual turnover — whichever is more.

Dynamic Edge Group

Rob Hamilton is founder and CEO of technology firm Dynamic Edge. Established in 2009, Dynamic Edge is a UK-based technology partner for business. They provide complete managed IT services to businesses between 10 and 3,000 PC and/or Mac users across all business sectors.