GDPR is the General Data Protection Regulation, which will replace the current EU Data Protection Directive in May 2018.
The GDPR targets PII (Personally Identifiable Information) and is designed to strengthen the rights and protections of individuals with respect to the data you hold about them.
This means any information that can directly identify a person is included: name, date and place of birth, National Insurance Number, etc. In short, information which is unique to the individual.
The most relevant points of the GDPR are outlined below:
- A business must notify its supervisory authority of a data breach within 72 hours
- The subject will have the right to retract consent, request data erasure or portability (the right to be forgotten)
- A business may face fines of up to 4% of its worldwide turnover, or €20 million for intentional or negligent violations.
There’s no need to worry about GDPR; like anything else, it’s all about being prepared. This means being able to demonstrate you have the appropriate Management, Operational, and Technical controls in place. The responsibility for compliance falls not only on you but also on your employees, so it is important for all parties in a business to be aware of GDPR.
A good way to demonstrate your commitment to Cyber-Security is by getting certified with the Cyber Essentials scheme. This scheme is becoming a focus for the government, as it has become a minimum standard that SMEs need to achieve for bidding on government contracts. Although Cyber Essentials doesn’t extend into GDPR completely, as it only relates to the technical controls, it can be enhanced with the IASME Governance Standard certificate, which relates to GDPR readiness.
For more information, please visit https://cybernorthsomerset.org.uk/. The North Somerset Cyber Security Cluster has been formed to assist with not only GDPR but any Cyber-Security queries or concerns you may have.
Thank you to our friends and cyber-security experts at Proteus Support Ltd in Weston-super-Mare for the above article. If you want to know more about the technologies that can be made available to assist your business in securing against cyber-attacks, then please email GDPR@proteus-support.ltd.uk or visit www.proteus-support.ltd.uk.