On the 25th May 2018, the General Data Protection Regulation (GDPR) will shake up the way you manage, process and protect any data that you hold. Are you prepared?
The GDPR aims to bring data protection laws up to date with modern communication technologies. It will give individuals more control and better transparency, allowing them to view, check and object to their data being processed.
Apart from the new ‘opt in’ consent process, the GDPR has given individuals new rights that businesses must comply with, to stay within the law:
The right to be informed
The right to access
Once an individual has been informed of your intentions, they can contact you at any point, and request that you present all information you hold on them. You will have just one month to present this information to them, rather than the current 40 days.
The right to rectification
If any of the data you hold on the individual is considered incorrect or missing, the individual has a right to have this information rectified. You, as the Data Controller, are responsible for ensuring this happens. You must respond to their request within one month and ensure the changes are made within two months. The information must be updated not just on the main file, but on every copy.
The right to object
Individuals have new rights to object to their data being processed. They can submit their objection via email, letter and even via a direct message on active official business social media pages.
The right to erasure
If an individual objects to processing, this may result in a request to completely erase their data. The fifth principle of data protection also states that any data that you no longer intend to process must be promptly and permanently erased to reduce risk exposure in the event of a cyber attack. With today’s complex system of cloud storage and backup files, this process often involves much more than simply hitting the delete button.
The right to data portability
If an individual provides you with their data to process, that data must then be available to the individual on request in a format that is processable by another company or organisation. Much like transferring a bank account, any data held post GDPR must be portable on request.
The GDPR has a huge emphasis on cyber security. You must ensure that any data you hold is encrypted, or at the very least protected with current and effective Cyber Security Software. SCS Technology Solutions actively support and provide our customers with the tools they need to ensure their systems and data are as impenetrable as possible.
We recently sent out a Cyber Security Awareness campaign to all of our customers, with tools to educate their employees.
If you have a data breach post GDPR, the Information Commissioner’s Office’s (ICO) fines have increased from a maximum fine of £500,000 to penalties that will reach an upper limit of €20 million or 4% of your annual global turnover – whichever is higher. This is to reflect the accountability they wish businesses to take when it comes to protecting vulnerable data.
Do you know how to access, delete or alter backed up files? Are you confident your current service provider could help you to respond to these requests?
SCS Technology Solutions can provide you with the support you need to ensure that you can face these new data protection laws confidently. Want to find out more about our services? Read more about the IT Solutions we offer businesses here… or call one of our friendly team today on 0800 952 0652.