Even though it’s been coming since 2016 (quite loudly, if you’re on LinkedIn!), I do still get questions from clients if they need to “do anything with this GDPR stuff” … if you have good data hygiene practices already, and a comprehensive suite of policies that you and your team are following, then the answer may be “no” — but if you suspect you don’t, then this article is for you.
What is GDPR?
The GDPR is Europe’s new framework for data protection laws. It replaces the previous 1995 data protection directive. The new regulation started on 25 May 2018, and it is enforced by the Information Commissioner’s Office (ICO). And no, even though we are leaving the EU, the Government has confirmed that the UK’s decision to leave the European Union will not alter this.
What do I need to know?
“If you’re currently subject to the Data Protection Act, it is likely that you will alos be subject to the GDPR” says the Information Commissioner’s Office. If you handle or process personal or sensitive data, you need to know your legal obligations when doing so.
Personal data is any identifiable data, from a name, to a phone number, or even an IP address (your computer’s unique address when visiting Web pages). Sensitive data is that which you cannot work out without asking, such as religious and political views, sexual orientation, and more.
Isn’t this just an IT problem?
No; this affects everyone who holds information, from the independent cosmetic sales reps who keep paper copies of receipts (if your customer’s details are on those receipts, you’re storing personal data) to the large multi-nationals. Privacy, and this regulation, are everyone’s business.
IT companies can help; we can do things such as Data Loss Prevention (to see if someone’s just emailed a list of credit card numbers to somewhere that they shouldn’t have) to managed firewalls (preventing access to phishing sites and credential theft). Good antivirus and security only goes so far, though, and businesses of all sizes should understand that the most crucial element is making sure everyone is adequately educated.
There’s a lot of information out there already that can help. It’s important that as many businesses as possible know about this information, because there are still people asking questions about the topic.
Stratum Now can help implement IT solutions and provide help creating policies and documentation to support your GDPR framework. Contact us and book your consultation.
A wide range of books have been written on the subject. I’ve presented a selection of the ones I’d recommend you reading below
|GDPR: Guiding Your Business To Compliance
(Recommended for all)
£8.99 (Kindle edition)
|GDPR In A Nutshell
(A good entry point)
Free/£0.99 (Kindle edition)
|The Ultimate GDPR Practitioner Guide
(For the privacy professionals)
£21.99 (Kindle edition)
Security is everyone’s problem
Hopefully we can avoid future incidents such as “The TalkTalk Problem” (when 157,000 customer details were stolen, many of which went on to suffer further losses due to fraud, impersonation and other extortion attempts). That’s what the GDPR aims to do; not only is it a stick (the fines are, in my opinion, a deterrent for blatantly disregarding one’s responsibilities) but it is also a carrot (a golden opportunity and a wealth of support to help everyone do better to improve security).
As always, we remain available to talk about the real issue of privacy and security. If you’d like our help, please get in touch; security is more than buying a box to do the hard work for you.