General Data Protection Regulation – GDPR Nottingham
From 25 May 2018, a new European privacy regulation called GDPR will be enforced that will permanently change the way businesses collect, store and use customer data. The main objective of the legislation is to give EU citizens and residents back control over their personal data, and to make the rules for international business simpler by unifying data protection regulation across the EU.
Who Will GDPR Affect?
GDPR applies to any organisation in the world that processes the personal data of people in the EU, including organisations based outside the EU that offer goods or services to them or monitor their behaviour.
Even if your business is based outside of the EU, if you are processing EU residents' data then this legislation will apply to you.
The task of complying with this regulation is down to businesses and organisations and because GDPR is a regulation, not a directive, the UK does not need to draw up new legislation – instead, it will apply automatically.
For in-depth and detailed accounts of GDPR, and to read the official guide to GDPR, visit the ICO's website. The ICO has produced a number of tools to help organisations prepare.
Preparing for GDPR: The Next Steps
There’s quite a panic surrounding the preparation for GDPR regulations, as the potential fines are enormous and many companies are purposely scaremongering and taking advantage of business owners.
We would like to highlight the fact that GDPR is being introduced as a positive change to the way our personal information is stored and should not be feared. It should, however, be taken seriously all the same.
It is important to understand that businesses can't simply pass a 'GDPR audit' and become GDPR compliant, as there is no such thing as a GDPR certification. Likewise, there are no exercises or practices you can put in place that will guarantee immunity from breaches, and therefore from fines.
What you can do is put as much effort as possible into being compliant and secure.
Essentially, the more procedures you have in place to demonstrate that you are taking GDPR seriously, and the more your business has done to protect its network and data, the harder it will be for someone to access company data and potentially leak it. For example, becoming Cyber Essentials or Cyber Essentials Plus certified is a great start.
If someone still manages to leak your data despite the procedures you have put in place to prevent breaches, you may still be fined, but the fine is likely to be considerably lower than if you had not used your best efforts, because the measures you had in place are taken into account.
Technical Director, Joe Burns explains…
“Think of it as if someone were to steal money from a bank, but the vault door was wide open. The bank would get fined a huge amount of money, as a thief had gotten away with the goods because there were little or no procedures in place to stop it.
However, if that vault was sealed shut and protected by lasers and a thief managed to somehow get away with the money, the bank would still be fined, only much less, as there were clear attempts to prevent it.”
We can help you prepare for GDPR with our range of services:
- Cyber Awareness Training: We can help your employees learn how to protect the company network in order to minimise risk, as employees are the last line of defence against hackers. Most data leaks are the result of human error, not technology. Training covers a host of other topics and areas that are vital to understand, such as how to spot attempted 'break-ins' to the network via email phishing and similar techniques.
- GDPR Nottingham Training: Pyranet offers GDPR training in Nottingham and nationwide. Our seminars help employees understand the requirements of GDPR and ensure that they are well equipped to plan, implement and maintain a compliance programme. Our simple, non-technical seminars are a popular choice amongst our clients.
- Cyber Essentials: We can offer accreditations such as Cyber Essentials and Cyber Essentials Plus, which are government-backed schemes, to show that you have made clear attempts to keep your company network as secure as possible, which could significantly reduce any fines.
- JellyPhish: Malicious emails are the number one cause of data breaches. JellyPhish is a simulated phishing and cyber awareness training platform, designed to help employees become more vigilant when opening emails that could potentially be malicious.
- Health checks: We also offer ‘health checks’ where we review certain areas within your IT infrastructure that may need improvement in order to be as secure as possible.
We understand that there are a lot of areas to consider, and the way GDPR fines work can be confusing. If you're struggling to get to grips with what you should be doing, then talk to us about any of the above. We're happy to help!
Have you read our guest blog by Laura Hampton from Impression Digital Marketing in Nottingham? Laura attended a GDPR seminar with Joe Burns and summed up what she had learnt in the session.
There’s more to Data Protection than just GDPR:
Whilst GDPR is very important, data protection and privacy are bigger than just GDPR. It is vital not to forget about pre-existing legislation such as PECR, the Privacy and Electronic Communications Regulations.
PECR is another piece of legal control surrounding the collection and use of data that is often overlooked. PECR regulates the sending of emails and texts for marketing purposes, as well as automated marketing calls, and requires consent for these activities. Live marketing calls, on the other hand, can be made without consent unless the number is registered with the Telephone Preference Service or the person has opted out.
For advice and guidance on PECR, visit the ICO website.
Keep up to date with our week-by-week GDPR Bitesize articles to help make GDPR easier to digest by visiting our news page.
GDPR in the News
1. Wetherspoon's deletes all customer email addresses
2. TalkTalk fined AGAIN
3. Flybe fined for sending 3.3 million unwanted emails
4. Carphone Warehouse fined