The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The new rules are designed to protect consumer rights and clarify laws for businesses right across the European Union (EU) but, vitally, also those that trade with it. Your business needs to protect itself by fully adhering to these changes in the law.
The GDPR protects all personal data (such as name, identification number, etc.) and, interestingly, there is no distinction between private, public or work roles. Despite Brexit, the UK will still toe the line on the rules, to ensure trading with the EU. Organisations outside the EU are also still subject to the jurisdiction of GDPR simply by collecting data on EU citizens.
Sensitive data has never been easier to obtain or disseminate electronically, while the risks have never been greater. A responsible organisation will need to recognise the risks and prevent or mitigate any potential problems.
Some organisations could face a fine of 4% of global turnover or up to €20M - whichever is the greater. This doesn’t even begin to assess the damage to reputation or the company’s public image, so it makes more sense (both practically and financially) to avoid the penalties in the first place.
If a company has a substantial number of complaints lodged against it even before May 2018, it could be liable for a significant fine from the Information Commissioner’s Office (ICO), reputational fallout and potential bad press, which can be very damaging for a small business.
We all know about environmental IT legislation such as WEEE (Waste Electrical and Electronic Equipment recycling), but the safe disposal of data is equally important.
Data can be stored on a wide variety and number of different devices in a modern organisation, from servers and PCs to tablets, smartphones, USB sticks, portable hard drives, etc. A well-designed IT lifecycle will look at all the potential problem areas and ensure policy and protection are in place throughout, from installation through to safe destruction at the data erasure stage.
• If you haven’t done so already, make sure your organisation is fully up to speed with the legislation within the GDPR. Make sure your internal processes protect data and can also demonstrate this to satisfy any inspection
• When it comes to securing your IT systems, speak to a reputable ADISA registered asset disposal expert to get full advice on your IT lifecycle. This will ensure you have a robust solution which will limit your risk of data leakage and the potential consequences from it
• Ensure your data is fully contained and hardware is safely and efficiently disposed of, with compliance with GDPR-approved data protection and environmental legislation firmly at the forefront of this
• Think about employee use of personal devices. Be wary of all access to data and, where possible, restrict access from anything beyond the systems owned by the business itself (and therefore under its direct control)