According to a recent report, 96% of businesses are underprepared for the General Data Protection Regulation (GDPR), which will be enforced from May 25th 2018.
GDPR is designed to protect all EU citizens from privacy and data breaches and to manage how organisations deal with data privacy. The regulations will apply to any organisation that processes the personal data of individuals who live in the EU, regardless of the location of the company. So, Brexit will make no difference to UK companies as they will still need to comply.
In order to comply, organisations will have to put in place measures and controls around the management of data security. This includes:
- Personal Privacy – Under GDPR, individuals gain many more rights, including requesting free access to their personal data, known as a Subject Access Request (SAR).
- Controls & Notifications – Organisations must protect personal data using appropriate security mechanisms.
- Transparent Policies – Organisations are required to have clarity around the collection, use, retention and deletion of data.
- IT & Training – Organisations must also provide staff with the appropriate level of information security training and have policies in place to manage the data.
The responsibilities organisations must meet in order to be GDPR compliant should not be underestimated. Time must also be allocated to update policies and procedures to ensure these responsibilities can be managed.
At William Duncan it is our business to take personal privacy and data extremely seriously. We have stringent controls and security measures which ensure we are not only compliant with GDPR, but can also assist our clients in understanding how they too can comply.
If you would like more information on what we can do to help, please contact our IT Team on 01292 265071 or email firstname.lastname@example.org.