The General Data Protection Regulations and what they mean for your business
In 2018 the General Data Protection Regulations (GDPRs) will come into force. It is an EU regulation put in place to ensure privacy and protection of data held within its borders. Plus, it was passed with a view to cut down the costs of compliance by having all EU countries using the same set of rules.
Of course, the UK is currently in the process of exiting the EU but until we do we still have to comply with EU laws. Additionally, the UK will still impliment the GDPR despite plans to exit the European Union.
Security and The Cloud
At Storm Internet we are committed to being GDPR compliant across all of our cloud products before the enforcement date in 2018. (25th May 2018).
We are also committed to ensuring security across our products. We have educated ourselves on the upcoming change of rules and can assist and advise our customers in the compliance requirements.
What do I need to do?
Compliance is a shared responsibility - we will ensure our cloud products meet the standards required through security, technology to meet all business needs, support and communication with our clients.
Firstly, do you need to comply? A company that holds no private data on their customers or employees does not have to comply. The key definition here is what is private. Email is private, say the rules. You probably need an expert in the law to make sure you are in compliance. And you need to review which data fields you store and document the justification of each. Some companies will then decide to quit gathering information that they do not really need. That is really what the law stipulates
The GDPR is fairly similar to the current Data Protection Act provisions, so if your business is complying with the current law then you have a good starting point to work from. Some of the changes your business will need to be aware of include:
· The need to write a data protection plan,
· The need for a nominated Data Protection Officer if your business is large
· Ensuring risk assessment procedures are in place
· The requirement to ensure data held and possibly shared is accurate and up to date in both your own business and any organisation you share data with
· Privacy notices need to be current
· Awareness of the changes to individuals rights and subject access requests.
Effects of non-compliance
Any breach or non-compliance would not only have a devastating effect on the reputation of your business but you could face hefty fines of up to €20,000 or a percentage of the business turnover – whichever is higher.
Your business will be protected against potential ruinous fines if it can be shown you’re doing all that the law requires to protect customer data. So you need to show you have done due diligence by employing proper security and having all procedures in place.
At Storm we are aware of the ever increasing risks of hacks and data breaches taking place online. As a server provider we don’t just provide the basic commodities, ie, just a server, we ensure your server is secure to the highest Payment Card Industry standard. We manage and monitor for you 24/7 in order to provide ultimate peace of mind.
To learn how we can help you with GDPR compliance, please complete the form to the right or call us on 0800 817 4727 or via our website