
On the 25th May 2018, the General Data Protection Regulation (GDPR) will shake up the way you manage, process and protect any data that you hold. Are you prepared?

The GDPR aims to bring the data protection laws up to date with today’s modern communication technologies. It will give individuals more control, and allow them better transparency, to view, check and object to their data being processed.

Apart from the new ‘opt in’ consent process, the GDPR has given individuals new rights that businesses must comply with, to stay within the law:

The right to be informed

If you hold and process any data that contains personally identifiable information, then you must make that individual aware, in a much more transparent privacy policy, that you hold their data, how you intend to process it, and how long you intend to hold on to their information.

The right to access

Once an individual has been informed of your intentions, they can contact you at any point, and request that you present all information you hold on them. You will have just one month to present this information to them, rather than the current 40 days.

The right to rectification

If any of the data you hold on the individual is considered incorrect or missing, the individual has a right to have this information rectified. You, as the Data Controller, are responsible for ensuring this happens. You must respond to their request within one month and ensure the changes are made within two months. The information must be updated not just on the main file, but on every copy.

The right to object

Individuals have new rights to object to their data being processed. They can submit their objection via email, letter and even via a direct message on active official business social media pages.

The right to erasure

If an individual objects to processing, this may result in a request to completely erase their data. The fifth principle of data protection also states that any data that you no longer intend to process must be promptly and permanently erased to reduce risk exposure in the event of a cyber attack. With today’s complex system of cloud storage and backup files, this process often involves much more than simply hitting the delete button.

The right to data portability

If an individual provides you with their data to process, that data must then be available to the individual on request in a format that is processable by another company or organisation. Much like transferring a bank account, any data held post GDPR must be portable on request.

Cyber Security

The GDPR has a huge emphasis on cyber security. You must ensure that any data you hold is encrypted, or at the very least protected with current and effective Cyber Security Software. SCS Technology Solutions actively support and provide our customers with the tools they need to ensure their systems and data are as impenetrable as possible.

We recently sent out a Cyber Security Awareness campaign to all of our customers, with tools to educate their employees.

If you have a data breach post GDPR, the Information Commissioner’s Office’s (ICO) fines will have increased from a maximum fine of £500,000 to penalties that will reach an upper limit of €20 million or 4% of your annual global turnover – whichever is higher. This is to reflect the accountability they wish businesses to take when it comes to protecting vulnerable data.

Do you know how to access, delete or alter backed up files? Are you confident your current service provider could help you to respond to these requests?

SCS Technology Solutions can provide you with the support you need to ensure that you can face these new data protection laws confidently. Want to find out more about our services? Read more about the IT Solutions we offer businesses here… or call one of our friendly team today on 0800 952 0652.