GDPR – General Data Protection Regulation
Vitanium are here to help you ensure that you’re GDPR compliant
What is GDPR?
GDPR, or General Data Protection Regulation, is new data protection legislation that was approved and implemented by the European Parliament in April 2016. As European Law, it fully took effect after a 2-year transition, ending on May 25th 2018.
GDPR replaced the previous European Data Protection Directive (DPD), and in the UK it replaced the Data Protection Act (DPA). One of the key differences between GDPR and DPD, is that GDPR is a regulation not a directive; as a regulation, no additional legislation must be passed by governments of member states for it to come into effect.
GDPR has been designed to harmonise data protection and data privacy laws across the EU, to protect and empower all EU citizens data privacy, and to reshape the way organizations approach data privacy.
GDPR aims to give individuals better control over their personal data and establish one single set of data protection rules across Europe. Whilst also imposing strict rules on those who host and ‘process’ this data, anywhere in the world. The Regulation also introduces rules relating to the free movement of personal data within and outside the EU.
How does GDPR affect your business?
Businesses of all sizes need to be able to demonstrate compliance with GDPR. One of the main differences between GDPR and the Data Protection Act (DPA) is the transparency that businesses will need to provide to the enforcing authority. In the UK this authority is the Information Commissioner’s Office (ICO).
The main changes to data protection regulation that businesses will need to be aware of are:
- Harsher penalties for non-compliance
- A requirement for increased auditing and reporting
- Increased responsibility placed on data processors
- Increased individual rights i.e. the right to be forgotten and subject data requests
GDPR regulations specify that you must:
Improve security measures to protect personal data – Encryption, advanced firewalls and software protection are recommended throughout the regulation and widely agreed to be the best data security measure.
Implement staff training and have policies and procedures in place – to show that you have taken reasonable steps to avoid a data breach, and what to do if one occurs.
Notify affected parties in the event of a personal data breach – Must be done without undue delay. If you can prove the data was encrypted and protected you may not need to notify the individuals concerned.
Pay fines in the event of a personal data breach – If the data was encrypted and protected it’s highly likely that no fines will be imposed.
The cost of non-compliance
The ICO is the regulatory body that enforces the GDPR in the UK. One of their functions is to administer fines for non-compliance. The fines can be substantially larger under GDPR than under the Data Protection Act. They can be as high as €20 million or 4% of Global turnover, whichever is greater, for a data breach. The ICO also have a vested interest in administering fines as they will be funded by the fines they administer.
How can Vitanium help ensure you’re compliant?
Vitanium are an ISO 9001 certified company with over 15 years of experience in protecting and managing customer’s business critical data. Vitanium are very conscious of our need to comply to the Data Protection Act 1998 and as a UK company we follow the strict guidelines provided by the Information Commissioners Office.
You can rest assured that any data backed up or processed by Vitanium is securely stored in our UK certified data centres and we comply with all the required security standards – most notably full encryption at rest and in transit.
All our hardware and applications used to process, transmit or store users’ email/data are housed in multiple ISO27001 accredited, highly secure data centres in the UK, which are fully fire-walled and securely manned 24/7.
All our control panels are password protected and accessible over 128bit Secure Socket Layers (SSL) to give users of Vitanium services added confidence that any sensitive information stored on their behalf by Vitanium is safe and highly secure.