Preparing for the GDPR
The General Data Protection Regulation and what it means for your business
In 2018 the General Data Protection Regulation (GDPR) will come into force. It is an EU regulation that updates the rules on privacy and the protection of EU citizens' data, and it was passed partly with a view to cutting the cost of compliance by having every EU country apply the same set of rules.
Of course, the UK is currently in the process of exiting the EU, but as the Regulation comes into force next year and we are unlikely to leave before 2019, the rules will apply to UK businesses. After we leave the EU the GDPR will remain part of UK law, as it is likely to be implemented post-exit through a new Data Protection Act, expected to be in force in time for the GDPR deadline.
Security and the cloud
At Storm Internet we are committed to being GDPR compliant across all of our cloud products before the enforcement date of 25th May 2018. We are also committed to ensuring security across our products. We have educated ourselves on the upcoming change of rules and can assist and advise our customers on the compliance requirements.
What do I need to do?
Compliance is a shared responsibility: we will ensure our cloud products meet the required standards through security, technology that meets your business needs, and support and communication with our clients.
Firstly, do you need to comply? Any company that holds “personal data” relating to its customers or employees will need to comply with the new rules. The key definition here is what counts as personal data. Personal data is defined as any data that allows you to identify a living individual, so an email address, for example, is personal data. You will probably need an expert in the law to make sure you are compliant, and you will need to review what data you store, how you use it and whether it is lawful to process it. You will also need to consider documenting your approach to compliance.
The GDPR is fairly similar to the current Data Protection Act provisions, so if your business is complying with the current law then you have a good starting point to work from. Some of the changes your business will need to be aware of include:
- A new approach to the way consent for processing is collected (when consent is the lawful basis for processing)
- Documenting how you collected certain types of data and how you process that data
- The possible need for a nominated Data Protection Officer if your business is large or processing large quantities of data
- Privacy notices will need to be updated
- Awareness of the changes to individuals’ rights and subject access requests including the new rights to erasure and data portability
- The need to report data breaches, under certain circumstances, to the ICO and to the affected data subjects
Effects of non-compliance
Any breach or non-compliance would not only have a devastating effect on the reputation of your business, but could also expose you to hefty fines of up to €20m or up to 4% of global business turnover, whichever is higher.
Your business will be protected against potentially ruinous fines if it can be shown that you are doing all that the law requires to protect customer data. So you need to show you have done due diligence by employing proper security and having all the necessary procedures in place.
At Storm we are aware of the ever-increasing risk of hacks and data breaches taking place online. As a server provider we do not just supply the basic commodity (a server); we ensure that your server is secured to the highest Payment Card Industry standards. We manage and monitor it for you 24/7 in order to provide complete peace of mind.
Learn more about Storm’s GDPR-optimised hosting, or call us on 0800 817 4727