There is a lot to read, process and implement with GDPR, but below is a brief summary of the main points, plus access to your free guide to GDPR. Intalect can help you get your IT systems in shape to protect against data breaches caused by the kinds of cyber-security attacks that are becoming all too common.
What you need to know
GDPR is designed to protect and empower the data privacy of all EU citizens and to change for the better the way organisations across the region approach data privacy.
Who does the GDPR affect?
It affects organisations inside the EU and those outside that offer goods or services to those in the EU.
What are the penalties for non-compliance?
Organisations in non-compliance can be fined up to 4% of annual global turnover or €20 million for breaching GDPR.
The approach to fines is staggered and tiered: for example, a company can be fined 2% for not having its records in order.
What constitutes personal data?
“Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.” It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
How does the GDPR affect policy surrounding data breaches?
Possibly one of the most important areas to raise awareness of is what notifications must take place should there be a breach or leak.
Data breaches that may pose a risk to individuals must be notified to the ICO (Information Commissioner's Office) within 72 hours, and to affected individuals without delay. As you can appreciate, there are many negative consequences, including 1) the inevitable investigation and 2) the embarrassment and adverse impact on your reputation.
Rights
Data subjects, or "people/individuals", have various rights under the new regulation:
- Right to access – the right to obtain confirmation of whether or not personal data concerning them is being processed, where and for what purpose. The organisation must also provide a copy of the personal data, free of charge, in an electronic format.
- Right to be forgotten – also known as data erasure, this entitles the data subject to have the organisation erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
Privacy by Design
As a concept, this has been around for a long time, but the regulation brings it to the forefront: organisations' processes and systems must include methods of data protection in their design, data controllers must hold only data that is relevant and necessary for their duties, and there must be stronger internal controls over access to that information.
Data Protection Officers
Under the GDPR, you must appoint a data protection officer (DPO) if you meet certain criteria, such as carrying out large-scale processing of data or working with special categories of data such as criminal convictions or offences.
You may appoint a single data protection officer to act for a group of companies or for a group of public authorities, taking into account their structure and size.
Summary
As you can see, there is a lot to take in, a lot to understand and potentially a lot to implement for your business. The fines are serious and, most importantly, so is the damage to your reputation as a business or an education provider should you suffer any data leakage. Protect your systems and get in contact to talk to us about the best ways to do this.