The EU General Data Protection Regulation (GDPR), which replaces the Data Protection Directive 95/46/EC, brings widespread changes to the legislation on personal data protection in Europe. Specialists say that we are witnessing a real revolution, considering how these changes will affect both small and large businesses in Europe and beyond.
GDPR is a general regulation on the protection of individuals with regard to the processing of personal data. There will be a single set of rules that will apply in all member states of the European Union. People will have additional control over their personal data, transparency on data usage will be ensured, and control measures will be imposed to protect them.
The quick and simple answer is “Yes”. GDPR applies to all organisations of any size and scope. The law covers companies, government agencies, non-profit organisations and other organisations that provide goods and services to people in the European Union or that collect and analyse data related to EU residents.
More precisely, the regulation will be directly applicable to any company that:
The GDPR requires you to secure all the personal data that you are processing: employee data, customer data, partners’ data, etc. With Cyber Essentials certification, in the event of a data breach you will be able to prove that you have taken measures to protect personal data by ensuring at least a basic level of network security.
Cyber Essentials (CE) is a government-backed cyber security certification scheme that can help any organisation prevent around 80% of cyber-attacks. Cyber Essentials not only helps your company to reduce the risk of cyber threats by up to 80%, but also to: