window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-20840989-1');


We've detected that you're using Internet Explorer which is an old, insecure browser and incompatible with many modern features.
Our Customer Portal is not available for Internet Explorer users and we recommend using Chrome, Firefox or other modern browsers for best user experience and full functionality.

Tough new EU data protection regulations

Are South East companies ready for new European Union data protection regulations?

The General Data Protection Regulation (GDPR) is a law not a directive because it will be implemented and enforced in all 28 EU countries.

Fines for failing to comply may be as high as €100 million or 5 per cent of your revenues – whichever is the greater.

Once it’s implemented, any company that processes data will be responsible for protecting that data. This includes third parties such as cloud services providers.

It will also impose much tighter rules on how data is shared outside the EU. Non-EU businesses who sell their services in Europe will also have to comply.

Explicit consent

Explicit consent will be required from someone before their data can be used and any requests to see data will need to be provided in a much shorter time – possibly 20 days. That’s half the time currently allowed in the UK.

Customers will also have new rights to have their data erased from your records, so you’ll need to have synchronisation protocols in place to make sure every database and spreadsheet is wiped at the same time.

It’s clearly vital for companies in the South East to tighten up on all data-related aspects of their business before the new regulations come into force. A good way to achieve this is by obtaining ISO 27001 certification for demonstrating that you have a good information security management system in place.

To prepare for ISO 27001, a business must first carry out a thorough risk assessment covering a range of issues including their access control policy, their user-registration process and the policies and controls that prevent unauthorised physical access and damage to information. There’s a comprehensive ISO 27001 risk assessment checklist online.

Gary Jowett from CNC in Brighton says: “Making sure data is managed securely in compliance with the new regulations will be vital for all businesses to avoid hefty fines and in order to do business with large corporations and the public sector. This is instrumental in our decision to prepare for ISO 27001 certification because it shows we have the proper processes in place to protect our customers’ data.”

By |2015-07-07T16:47:22+01:007th July 2015|Uncategorised|Comments Off on Tough new EU data protection regulations

About the Author:

We use cookies to ensure that we give you the best experience on our website. We also use cookies to ensure we show you advertising that is relevant to you. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the CNC website. However, if you'd like to find out more please visit our Legal and Privacy policy page. Accept