The General Data Protection Regulation (GDPR) came into force in May 2018 as EU legislation and was also enshrined in UK law. This affects every organisation carrying out business in the United Kingdom that holds personal information. Personal data includes names, addresses, credit card details and even computer IP addresses.
The UK GDPR legislation has tightened the use of personal data and consequently requires organisations to protect the data they use. Failing to do so can result in huge penalties. There are several key points to the legislation:
When you acquire personal information about people, such as through a web site, you must obtain their explicit consent. The exact wording is:
“Consent under the GDPR requires some form of clear affirmative action. Silence, pre-ticked boxes or inactivity does not constitute consent. Consent must be verifiable. This means that some form of record must be kept of how and when consent was given. Individuals have a right to withdraw consent at any time.”
This may require changes to forms used on web sites and other media to remain within the law.
Under GDPR, individuals have the right to obtain confirmation their data is being processed. They also have the right to be given a copy of the data, correct it if required and request that it be erased (known as the right to be forgotten).
Requests from individuals need to be dealt with promptly. It is therefore important that all data held by organisations is well maintained.
When data is held, you have an obligation to implement technical and organisational measures to show you have considered and integrated data protection into your processing activities.
In addition to ensuring your processing of data offers protection, the technical aspects of security can include data encryption, firewalls to protect networks and anti-malware software. Vantage IT can provide the assistance you require to protect your data. One of the methods suggested to ensure compliance is data encryption.
Organisations are required to demonstrate they comply with the principles of UK GDPR and need to show how they fulfil the requirements, for example by documenting the decisions taken about a processing activity.
All organisations have a duty to report certain types of data breach to the supervisory authority and in some cases to the individuals affected. With encrypted data, there may be instances where breaches do not need to be notified.
Your organisation can be subject to huge penalties that really are punitive. Non-compliance can result in fines of up to £17m (€20m) or 4% of global turnover, whichever is larger.
There is also the potential for people who have been victims of data breaches suing for damages, multiplying the potential costs an organisation could face.
The Information Commissioner’s Office (ICO) has provided resources to explain what tasks you need to carry out.
A Guide to the UK General Data Protection Regulation (UK GDPR) can be found on the ICO website. This includes a data protection self assessment to understand your compliance with data protection law and find out what you need to do to make sure you are keeping people’s personal data secure.
Please contact us to find out how Vantage IT can assist with getting you GDPR ready and therefore protect your organisation.
Vantage IT provides assistance with the many elements impacted by GDPR. We will help with the following:
Data encryption to protect data
Firewalls to prevent unauthorised external access to your networks
Anti-malware software to limit the possibility of malware stealing your data
Introduce IT policies to inform staff about the protection of data
Enforce IT network-wide rules to increase the complexity of passwords and limit the use of flash drives where data can be easily removed and lost
To get UK GDPR compliant, there are a number of tasks that need to be carried out. These include:
Are you concerned about the impact of GDPR on your business? Do you want to ensure your organisation fully complies with the latest regulations? Download our free guide to gain valuable insights into GDPR's core principles and how they relate to your IT infrastructure.
The Complete IT Support Solution
For over 30 years Vantage IT has been acting as your own outsourced IT department, providing monitoring, proactive maintenance and support.