GDPR

What Does GDPR Mean for UK Organisations?

The General Data Protection Regulation (GDPR) came into force in May 2018 as EU legislation and was also enshrined in UK law. This affects every organisation carrying out business in the United Kingdom that holds personal information. Personal data includes names, addresses, credit card details and even computer IP addresses.

The UK GDPR legislation has tightened the use of personal data and consequently requires organisations to protect the data they use. Failing to do so can result in huge penalties. There are several key points to the legislation:

Consent

When you acquire personal information about people, such as through a web site, you must obtain their explicit consent. The exact wording is:

“Consent under the GDPR requires some form of clear affirmative action. Silence, pre-ticked boxes or inactivity does not constitute consent. Consent must be verifiable. This means that some form of record must be kept of how and when consent was given. Individuals have a right to withdraw consent at any time.”

This may require changes to forms used on web sites and other media to remain within the law.

The Rights Of The Individual

Under GDPR, individuals have the right to obtain confirmation their data is being processed. They also have the right to be given a copy of the data, correct it if required and request that it be erased (known as the right to be forgotten).

Requests from individuals need to be dealt with promptly. It is therefore important that all data held by organisations is well maintained.

Data Protection And Accountability

When data is held, you have an obligation to implement technical and organisational measures to show you have considered and integrated data protection into your processing activities.

In addition to ensuring your processing of data offers protection, the technical aspects of security can include data encryption, firewalls to protect networks and anti-malware software. Vantage IT can provide the assistance you require to protect your data. One of the methods suggested to ensure compliance is data encryption.

Organisations are required to demonstrate they comply with the principles of UK GDPR and need to show how they fulfil the requirements, for example by documenting the decisions taken about a processing activity.

Breaching The GDPR

All organisations have a duty to report certain types of data breach to the supervisory authority and in some cases to the individuals affected. With encrypted data, there may be instances where breaches do not need to be notified.

Your organisation can be subject to huge penalties that really are punitive. It can result in fines of up to £17m (€20m) or 4% of global turnover, whichever is larger.

There is also the potential for people who have been victims of data breaches suing for damages, multiplying the potential costs an organisation could face.

Where To Start

The Information Commissioner’s Office (ICO) has provided resources to explain what tasks you need to carry out.

A Guide to the UK General Data Protection Regulation (UK GDPR) can be found on the ICO website. This includes a data protection self assessment to understand your compliance with data protection law and find out what you need to do to make sure you are keeping people’s personal data secure.

Please contact us to find out how Vantage IT can assist with getting you GDPR ready and therefore protect your organisation.

Please Note

This information is our understanding of the legislation at the time of writing. Vantage IT will not be liable for any errors or omissions.

Vantage IT provides assistance with the many elements impacted by GDPR. We will help with the following:

Data Protection

Data encryption to protect data

Prevent Unauthorised Access

Firewalls to prevent unauthorised external access to your networks

Limit Malware

Anti-malware software to limit the possibility of malware stealing your data

IT Policies

Introduce IT policies to inform staff about the protection of data

Passwords

Enforce IT network-wide rules to increase the complexity of passwords and limit the use of flash drives where data can be easily removed and lost

What You Should Do

To get UK GDPR compliant, there are a number of tasks that need to be carried out. These include:

 
  • Appoint someone as the data protection officer. It will be their job to implement GDPR and confirm that your organisation complies.
  • Draw up a policy that stipulates how you handle data and how you protect it.
  • Implement measures to keep data safe. This includes encryption, secure storage, protection for IT networks and user education. Data should be protected in any form it is transmitted or stored. This can be emailing, file sharing, storing, voice calls and CCTV.
  • Train all your staff about the importance of data security and consequently, the dangers of losing data.