GDPR is the set of new European regulations relating to data and information security, which are due to take effect from May 2018. The regulations cover how you handle and protect data (electronic or otherwise) and include storage, sharing, usage, permission, disclosure and erasing. UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the EU, and the government has confirmed that the Regulation will apply, a position that has been stated by the Information Commissioner’s Office (ICO). The GDPR sets out much bigger fines for non-compliance — up to 4 per cent of global annual turnover, or £20m, whichever is greater. At present, the Information Commissioner’s Office can issue a maximum fine of £500,000 for breaches of data rules.
GDPR compliance is not just a matter of ticking a few boxes; the Regulation demands that you be able to demonstrate compliance with the data protection principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security. As with any successful change process, implementation of GDPR will require organisational leaders to buy into and support the changes to organisational processes.
At Lansafe we endeavour to make our policies, procedures and systems fully compliant with the GDPR and to assist our customers in achieving compliance for themselves.
Contact Lansafe to discuss your company's current GDPR compliance procedures.