What is the GDPR?
will require all UK businesses (regardless of the outcome of Brexit) to comply by ensuring that all personal/sensitive data they store is handled and processed correctly and is protected in the best way possible.
The new regulation will introduce tougher fines for non-compliance and in the event of security breaches. It also gives consumers more say over what companies can do with their personal data and provides the option for individuals to be ‘forgotten’. GDPR is designed to strengthen data privacy laws across the entirety of Europe as well as give rights and greater protection to individuals.
So why was GDPR initially drafted?
GDPR’s main objective is to give people more control over how their data is used, processed and distributed. For example, companies such as Facebook and Twitter store extremely large volumes of data, and many users are unaware of who has access to their confidential information, where it is being sent and how businesses are using it in their own favor. GDPR also aims to let businesses operate within a clearer and simpler environment, where data laws are easier to understand and abide by in each market.
Overall, by strengthening and toughening data protection law, the EU aims to increase trust and loyalty within the fast-growing digital world. Therefore, all businesses that store and process data are required to comply with the GDPR policy.
When does GDPR apply?
Does GDPR apply to me?
Well, GDPR applies to both controllers and processors. A controller is basically an individual or business that states the ways in which the data is stored, and why it is stored/processed in the first place, whereas a processor is used to actually process the data.
Therefore, a controller could be any business, organisation or charity that deals with data. Because we at OTT are an IT Support Consultancy and deal with the processing of client data, we can be considered a processor.
Even if your business, organisation or charity is located outside of the EU, but handles data throughout the EU, GDPR still applies to you.
What's the right to be forgotten?
Individuals have the right to be forgotten, which basically means they have the right for their data to be deleted if it is no longer needed for the initial purpose for which it was collected. Likewise, the individual also has the right to have their data removed if they decide to withdraw their consent for their data to be collected.
What if we don't comply?
Anyone who fails to comply with certain GDPR requirements can potentially be fined up to £10 million, or 4% of their total global annual turnover. Now, I don’t think any business wants that… So it’s extremely important you become compliant with GDPR!
OTT Risk Intelligence - How we can help you become more compliant!
Risk Intelligence scans for unsecured data across your corporate network and provides an estimated financial figure for the potential liability in the event of a data breach. This allows us to discover areas of weakness across your office network and in turn better secure them and protect your sensitive data. Once you try it, you’ll see how powerful it can be in both adding value to your business and helping you become GDPR compliant.