Will GDPR affect your business?

You may be questioning whether the European General Data Protection Regulation (GDPR) changes will affect you and your business. Regardless of whether your business employs 2 staff, or thousands of staff, it is likely the change will impact you on 25th May 2018.

Any business that collects, holds or uses citizens’ or staff’s personal information will need to comply with the latest regulation. Breaches will involve substantial fines and can provide individuals with the opportunity to sue you for compensation – both material damage and non-material damage.

What is GDPR?

GDPR is designed to harmonise data privacy laws for UK and European citizens and businesses, improve the privacy of citizens, and reform the way businesses approach data privacy. The legislation will result in fairer treatment for citizens when disclosing their personal data to businesses.

Companies will be accountable for complying legally, transparently and willingly with the legislation. For a large number of businesses it will impact day-to-day operations, and some businesses will need to implement a new data protection programme to be compliant.

Preparing for GDPR

The regulation has been introduced to make companies across the EU up their data protection game. One of the substantial changes in the legislation is how and when companies manage an individual’s data. Prior to the legislation being implemented, individuals were not able to have a say on how their personal data was held, nor did they have the right to withdraw consent at any given time. The EU has commented on the importance of data for companies, but has realised that there is no equality, as authority lies mostly with businesses.

Will GDPR apply to you?

One way of identifying whether GDPR is applicable to your business is to consider how often you deal with personal data from customers, staff, suppliers and previous employees. For instance, if your business handles personal data on a regular basis you should follow GDPR. The Information Commissioner’s Office (ICO) has proclaimed that if your business is affected by the Data Protection Act (DPA), then it will also be affected by GDPR.

Understanding GDPR will be a necessity for the majority of businesses, but having an individual who is responsible for managing the issue safely and securely in your business is another complication. Primarily, the new legislation will be most problematic for SMEs, as without the right tools smaller businesses with fewer staff and less free time available will run into trouble. Make sure you do not miss out on planning how your company will put GDPR in place: research conducted by FireEye, “Beyond the Bottom Line, The Real Cost of Data Breaches”, found that high-profile data breaches negatively impact consumer trust in major brands. The number of respondents (76 per cent) who said they are more likely to take their business elsewhere due to negligent data handling practices further endorses data governance.

‘GDPR seems complicated to implement’

For many businesses a robust and structured plan will need to be implemented to be compliant with the EU changes. It may seem a complex task, but if it is carried out efficiently it can succeed. Management is key to succeeding with GDPR, as every piece of information will need to be stored securely on a computer, device or third-party program.

If the thought of putting in place your own GDPR plan seems a daunting task, Netpoint Solutions is here to help you through the process.

How Netpoint Solutions can help

Netpoint Solutions can help your business in becoming GDPR compliant

Your IT systems only account for around 20% of the GDPR regulations. Unlike many IT companies, we are working with Certified GDPR Practitioners to help your business become fully compliant in all aspects of GDPR, not just the IT-related areas.

  • Find out what your GDPR requirements and obligations are via a GDPR assessment
  • Cyber Essentials is seen as a minimum requirement for GDPR. We work as standard within the Cyber Essentials framework and can help your company become certified
  • Many businesses require a Data Protection Officer due to the personal data they process. This can be outsourced to our Virtual DPO Service
  • COMING SOON - our 'GDPR Compliance Tool Kit' will help your business implement the policies and procedures to become compliant

Contact us:
Office Phone: 01484 506960
Email: info@netpointsolutions.co.uk

GDPR: Get Your Business Ready

One of the biggest changes in data protection law is coming into force in May 2018. The General Data Protection Regulation (GDPR) will affect how companies process and use their customers’ and employees’ data.

The European Parliament has announced an ambitious transformation which will strengthen citizens’ rights for controlling their personal data and give individuals the option to be erased from a company’s record. Moreover, the legislation means some SME and corporate businesses will have to implement a new data protection programme to be compliant with the regulation. Regardless of whether the UK will be in the European Union or not, the GDPR regulation will go ahead in less than 8 months.

What is changing?

As of May next year, GDPR is going to replace the Data Protection Act (DPA). The framework will impose expensive penalties on businesses that fail to manage people’s personal data securely. According to regulators, personal data is defined as ‘any information relating to an identified or identifiable natural person’. As the majority of businesses hold data on individuals, it will significantly impact day-to-day operations. Any business that does not adhere to the regulations can land itself with fines up to 4% of its global turnover or 20m euros (£15.8m), whichever is greater.

What does this mean for SMEs?

The new conditions mean all SMEs will need to justify how and when an individual has given them consent to store and use their personal data. Individuals will be able to have a say on how their personal data is held, and have the right to withdraw consent at any time. For example, if an individual requests to withdraw from an email list, their details must be erased and not kept on file in the deleted mailing list folder.

Once in action, SMEs will have to explain precisely where the personal data is stored, whether it be on a computer, laptop, servers, or on software programs and accurately explain how removal of data is executed.

Companies will have to up their security measures to reduce the chance of a data breach, as GDPR obliges companies to report any data protection violations within 72 hours to the necessary authorities. Moving forward, GDPR will put greater emphasis on recognising when a breach has occurred and putting an incident recovery plan in action to deal with the consequences.

In preparation for GDPR, businesses are recommended to implement systems that will make them compliant with the regulation well in advance of the 2018 deadline.

The Next Steps

If your organisation will be impacted by the new regulation, your next step is to conduct an audit to identify what data you store and process for European citizens, its location, its path from point A to B and by what systems it is processed.

By doing this you will unveil the gaps in your systems which will then allow you to investigate the tools and solutions you may need to invest in to help your organisation achieve GDPR compliance.

Key Highlights

  • GDPR is one of the biggest changes in security protection for more than 20 years
  • Under GDPR, personal data is any information relating to an identified or identifiable natural person
  • The legislation will affect how companies process and use their customers’ and employees’ data
  • Consumers will gain control on how their personal data is managed and have a right to withdraw consent
  • Some SMEs and corporate businesses will have to implement a new data protection program to be compliant with the regulation
  • The framework will impose extensive penalties on businesses that disregard the rules on managing people’s personal data securely - with fines up to 4% of their global turnover or 20m euros (£15.8m), whichever is greater
  • Businesses will need to destroy data at the request of an individual
  • Companies will have to disclose where personal data is stored – on a device or on software
  • GDPR obliges companies to report any data protection breaches within 72 hours to the necessary authorities
  • GDPR will put great emphasis on recognising when a breach has occurred and putting an incident recovery plan in action to deal with the consequences

GDPR Awareness Training

The General Data Protection Regulation (GDPR) is law and will be fully implemented in May 2018. From that date the ICO will be auditing businesses to ensure they are compliant and managing their data in accordance with the new regulations.

We are able to assist you in the early stages by providing you with a GDPR awareness course. The 2-hour course will cover:

  • What your requirements and obligations are.
  • Penalties if a data breach is found.
  • What are special exemptions.
  • Retention rules of personal data.

 
This is designed for a minimum of 2 people and a maximum of 10/12. At the end of the course you will be aware of the implications of the new regulations and a copy of the notes will be provided.
 
We plan to run a number of these courses, with the first one scheduled for 10.00am – 12.00pm on Thursday 11th May 2017. The course fee is £50.00 + VAT per person, and the course will be held at the address below:

Heaton House,
Blackhall Innovation Centre,
Bradford Road,
HD6 4BW.
 
If you would like to book on to the training course please let us know asap and we will contact you to make the arrangements.

Contact us:
Office Phone: 01484 506960
Email: info@netpointsolutions.co.uk