The EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) came into effect on 25 May 2018, replacing the regime of the UK Data Protection Act 1998. Significant and wide-reaching in scope, the new law brings a 21st-century approach to data protection. It expands the rights of individuals to control how their personal data is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.

GDPR Compliance is not a choice

GDPR compliance is not just a matter of ticking a few boxes; the Regulation demands that you be able to demonstrate compliance with its data processing principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, and building a workplace culture of data privacy and security.

For many organisations, achieving GDPR compliance will be a year-long journey, if not longer. You should prioritise tackling those areas where a lack of action leaves your organisation most exposed. Where an infringement occurs, being able to demonstrate that you have made a start could help reduce potential penalties.

Brexit and the GDPR

UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR came into force before the UK leaves the EU, and the government has confirmed that the Regulation will continue to apply, a position also stated by the Information Commissioner’s Office (ICO).

The new Data Protection Act 2018 incorporates the GDPR into UK law and will continue to apply post-Brexit. The Act also includes a number of agreed modifications to the GDPR in areas such as academic research, financial services and child protection.

Post-Brexit, cross-border data flows between the EU and the UK may no longer benefit from automatic safeguards. Accordingly, the UK Government is seeking an ‘adequacy decision’ from the EU so that personal data can continue to be shared. If this is not forthcoming, other options include a bilateral agreement similar to the EU-US Privacy Shield, or organisations implementing standard contractual clauses or binding corporate rules, both of which add complexity and cost to data transfers. International organisations should factor Brexit implications into their GDPR planning.

What have we done about GDPR?

Ridgeworks IT has been at the forefront of technology changes, including all the requirements of the GDPR surrounding security and data protection.

With the introduction of the GDPR in May, Ridgeworks IT has taken steps internally to make sure all its staff are up to date with the latest software and security enhancements, to protect and manage your system security and meet all the new requirements of the General Data Protection Regulation.

Our company has been awarded Certified Cyber Security provider status (a government-regulated certification); see it here: https://www.cyberessentials.ncsc.gov.uk/cert-search/

This means all solutions we use are fully GDPR compliant and CREST approved, giving our customers peace of mind that anything we introduce will both benefit their company and meet this Regulation as a matter of course.


How can we help you?

We’ve invested considerable time into understanding the new GDPR requirements and have developed a range of services to ensure our clients have taken the steps they need to comply.

If you would like to talk about GDPR or any aspect of your systems setup, please ring for a no-obligation discussion with one of our advisors.