On 25th May, the General Data Protection Regulation (GDPR) will come into effect, changing the way businesses across Europe store personal data, deal with security breaches and respond to those wanting to be ‘forgotten’. Recent cyber-attacks, hackings and concern over manipulative and highly targeted content, as well as technological advancements such as the Cloud, contributed to a change in the 1995 regulation.
Companies failing to comply with the new GDPR could face hefty fines and a loss of trust and reputation. As a company that deals with personal data and security, we understand the negative impact this could have, and how best to prepare. Read on to find out how. It could save your business millions.
WHAT IS GDPR?
GDPR is a new structure for data protection laws that will govern how businesses collect, analyse and use personal data, whether that be their employees’, clients’ or customers’. It aims to provide greater protection rights to those affected, ensure secure procedures are put in place to prevent data loss or theft, and prevent the unlawful sharing of personal details. If you are a business, charity or personal authority that deals with personal data, then this applies to you.
Personal data includes your name, address, email address and location, as well as your online shopping habits, health information, political opinions and biometric and genetic data. Companies collect a lot more information on you than you might think.
WHAT DOES GDPR COVER?
GDPR sets out a framework covering:
- Data Protection: Data must be collected for legitimate reasons, kept only when necessary and handled securely and in confidence.
- Governance: A system must be put in place to protect data, which may require the hiring of a data protection officer.
- Consent: Tick boxes are no longer acceptable. Consent must be freely given.
- Privacy: Individuals can request access to their data, correct it and have it removed if they so wish.
- Transparency: Companies must state how personal data will be used.
WHAT ABOUT DATA SECURITY?
Precautions must be taken not only by companies that collect and control personal data (such as a charity or business) but also by those who process that data, such as IT or accountancy firms. Necessary security actions include:
- The encryption of personal data, in case of loss, damage or destruction.
- Processing procedures that are strong, available and instil confidence in those who use them.
- In cases of human error or cyberattacks, the ability to restore personal data to its original location.
- Constant testing of procedures to ensure personal data is safe.
WHAT HAPPENS IF THERE’S A BREACH?
It’s imperative that breaches are reported to the Data Protection Authority within 3 days so that appropriate action can be taken. Your employees, clients and customers must be informed where threats to their personal safety could occur, such as identity theft. If they’re not, you could face a fine of €10 million, or 2% of your annual revenue, whichever is higher. Those who control data must also log the breach in an internal report or register, detailing its effects and the steps taken to correct it.
WHAT IF WE IGNORE GDPR?
Then it’ll come back with a vengeance. Ignoring your customers’ rights, transferring data to an unspecified company or country or not having a data protection framework in place could cost you €20 million, or 4% of your annual turnover. When the alternative is hiring a good data protection officer and using measures that ensure security, then complying with GDPR is a no-brainer.
HOW DOES GDPR HELP US?
All companies that comply receive a GDPR certificate, the logo of which can be placed on your website and applications, signalling greater consumer trust and aiding your reputation. It shows you care about security and value data, giving you a great competitive advantage.
Further, GDPR ensures you take care of data, update processes regularly and prevent breaches that could devastate your business.
HOW WE CAN HELP
- Host your business-critical server and telecommunications equipment with Infinitel.
- Our secure, resilient data centres provide protection, resilience and 24/7 availability of your core applications and data.
- Our Manchester and London data centres are ISO27001:2013 accredited with stringent security measures in place.
- Around-the-clock expertise is available if you encounter issues at your end, or just need some advice.
- Simplify the management and security of smartphones, tablets, laptops, wearables and IoT devices with Infinitel.
- Secure, manage, and monitor any corporate or employee-owned mobile device or desktop that accesses business-critical data.
We are the ideal data protection and telecommunications company that will ensure your company’s data is secure, maintained and removed if necessary. Get in touch to find out more today.