Many of our clients have been asking the following question with regard to the EU General Data Protection Regulation: “Will Complete I.T. be compliant with the new EU Data Protection Regulation when it is enforced?”
Answer: “Of course we will be.”
What is the new EU Data Protection Regulation?
The European General Data Protection Regulation represents the most significant change to data protection in the UK and EU since 1995. Once adopted, it will have the force of law across all 27 EU states, giving uniformity of data protection laws across all member states and significantly increasing penalties for non-compliance.
Who does it affect?
Every European business.
When does it go live?
No one really knows yet: it could be anywhere between 2016 and 2018, although 2016 is being mentioned.
What does it focus on?
- Personally identifiable information we hold on our clients.
- Encryption of all endpoints (devices).
- Breach notification – inform the authorities within 24-48 hours.
- Internal and external privacy policies and procedures.
- The right to be forgotten.
- Transfer of data beyond borders.
As our clients’ trusted I.T. Partner, we will be informing all of our clients of the new regulation.
Currently the industry press is reporting that 83% of EU businesses are not aware of the new regulation.
We will be offering Data Protection Audits and recommendations of best practice – please get in touch if this is something you would be interested in discussing further.
- Best Practice Security Guide for SMB
- All the policies and procedures required
- A guide on how to escalate a breach to the authorities
- An infrastructure/application check for data leakage across line-of-business applications, cloud services (e.g. Dropbox), USB, CD-ROMs and mobile devices
- Recommendations on hardware solutions to resolve
Main changes to the EU Data Protection Regulation
Proposed changes to the existing EU Data Protection Directive aim to unify the existing legislation of each EU Member State, theoretically making it easier for businesses to transfer data throughout the EU and beyond.
Over the next 18 months, European Union legislators are seeking to simplify the EU Data Protection Directive to provide businesses operating within the EU with a single law and a unified data protection authority.
The principal changes to the existing EU directive focus on data privacy, which may significantly impact the commercial use of social media by placing greater emphasis on data ownership.
The directive clearly places control of data in the hands of individuals to foster a greater sense of trust with customers through transparent data processing.
So what are the top five things UK businesses should be doing to ensure they are able to comply by the time the new regime is enforced in 2015/6? UK businesses must:
- Appoint a data protection officer (if they have more than 250 employees);
- Obtain explicit consent from individuals and detail how this information will be used by them and any third parties;
- Review their existing data protection policies and practices and ensure they are compliant with the new directive;
- Ensure their staff are fully aware of the implications of these changes and are trained in the application of any new policies;
- Make sure their processes enable them to inform the authorities about data breaches as early as possible – if feasible, within 24 hours.