Protect data and comply with the GDPR

soVision IT is a Cyber Essentials Certification Partner helping organisations in Bristol, Bath and the South West to achieve the Government Cyber Essentials Certification and comply with the GDPR.

The EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive 95/46/EC, brings widespread changes to the legislation on personal data protection in Europe. Specialists say that we are witnessing a real revolution, considering how these changes will affect both small and large businesses in Europe and beyond.

What is GDPR?

GDPR is a general regulation on the protection of individuals with regard to the processing of personal data. There will be a single set of rules that will apply in all member states of the European Union. People will have additional control over their personal data, transparency on data usage will be ensured, and control measures will be imposed to protect them.

Does GDPR apply to your company?

The quick and simple answer is “Yes”. GDPR applies to all organisations of any size and scope. The law covers companies, government agencies, non-profit organisations and other organisations that provide goods and services to people in the European Union or that collect and analyse data related to EU residents. 

More precisely, the regulation will be directly applicable to any company that: 

  • Provides goods or services to individuals in the member states of the European Union; 
  • Monitors the behaviour of individuals in EU member states; 
  • Has employees in European Union member states.

When is GDPR coming into effect?

The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998. 25th of May is not the day when organisations should start working on becoming compliant, but the day when organisations are obliged to be compliant.

What are the consequences of not complying with GDPR?

Fines of up to €20 million or up to 4 per cent of total global revenue of the preceding year, whichever is greater. 

It is very important to mention that the responsibility for non-compliance is shared between the company that controls the personal data and the company that processes the personal data on its behalf. For example, if your company collaborates with a supplier and you share personal data, you must ensure they are also GDPR compliant.

TOP 5 GDPR Requirements

Personal Data

According to GDPR, individuals have the right to know if an organisation is processing their personal data and to understand the purposes of that processing. 

Any person has the right to request the organisation to delete, correct or stop processing their data, to refuse direct marketing and to revoke consent for certain uses of their data. 

The GDPR comprises a new right to data portability providing individuals with the right to move their data elsewhere and receive assistance in doing so. Therefore, data controllers must ensure that they can hand over the personal data that has been provided by the individual, in a structured, commonly used and transferable format.

Securing personal data

GDPR requires organisations to secure personal data according to its sensitivity. 

In the event of a security breach, the data controllers must notify the appropriate authorities within 72 hours. In addition, if the breach will lead to high risks for the rights of individuals, organisations will also have to notify the affected people without delay.

Processing personal data 

Processing personal data must be done on a legal basis. 

Companies must be able to demonstrate that consent for processing personal data was given by the individual. The GDPR defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”. 

Impact on the protection of personal data 

Organisations need to assess the impact on data protection in order to anticipate the impact of projects on privacy and take action as needed. 

In order to demonstrate compliance with the GDPR, records of data processing and evidence of consent to data processing must be maintained.

GDPR compliance  

In order to ensure compliance with GDPR, organisations are encouraged to implement a privacy culture in order to protect the rights and interests of individuals with regard to their personal data. 

Failure to comply with GDPR may result in serious fines and business partners' refusal to collaborate with your organisation. 

GDPR compliance is not a one-time step; it’s a continuous process of monitoring data processing and ensuring its security. One of the first steps you might take is becoming Cyber Essentials certified.

Cyber Essentials and GDPR 

The GDPR requires you to secure all the personal data that you are processing: employee data, customer data, partners’ data etc. By achieving the Cyber Essentials certification, in case of a data breach you will be able to prove that you have taken the measures to protect personal data by ensuring at least a basic level of network security. 

Cyber Essentials (CE) is a government-backed cyber security certification scheme that can help any organisation prevent around 80% of cyber-attacks. Cyber Essentials not only helps your company to reduce the risk of cyber threats by up to 80%, but also to: 

  • Maintain business reputation 
  • Save on potential IT costs 
  • Focus on your core business objectives 
  • Bid for UK government contracts 
  • Gain competitive advantage 
  • Last, but not least, comply with the GDPR and other laws.

soVision IT is a Cyber Essentials Certification Partner helping organisations in Bristol, Bath and the South West to achieve the Government Cyber Essentials Certification and comply with the GDPR. Being a complete ICT provider gives us the advantage of having all the resources to solve any IT security challenge that your company might be facing. 

Contact our GDPR and Cyber Essentials experts now: 0117 986 4026 | info@sovisionit.com.

 

 


© Copyright soVision IT 2016. All rights reserved.

Line Business Services Ltd and soVision IT Ltd, Avon House, Avon Mill Lane, Keynsham, Bristol BS31 2UG. Line Business Services Ltd is a Company registered in England No. 5599751. soVision IT Ltd is a Company registered in England No 10714018