Are South East companies ready for new European Union data protection regulations?
The General Data Protection Regulation (GDPR) is a law not a directive because it will be implemented and enforced in all 28 EU countries.
Fines for failing to comply may be as high as €100 million or 5 per cent of your revenues – whichever is the greater.
Once it’s implemented, any company that processes data will be responsible for protecting that data. This includes third parties such as cloud services providers.
It will also impose much tighter rules on how data is shared outside the EU. Non-EU businesses who sell their services in Europe will also have to comply.
Explicit consent will be required from someone before their data can be used and any requests to see data will need to be provided in a much shorter time – possibly 20 days. That’s half the time currently allowed in the UK.
Customers will also have new rights to have their data erased from your records, so you’ll need to have synchronisation protocols in place to make sure every database and spreadsheet is wiped at the same time.
It’s clearly vital for companies in the South East to tighten up on all data-related aspects of their business before the new regulations come into force. A good way to achieve this is by obtaining ISO 27001 certification for demonstrating that you have a good information security management system in place.
To prepare for ISO 27001, a business must first carry out a thorough risk assessment covering a range of issues including their access control policy, their user-registration process and the policies and controls that prevent unauthorised physical access and damage to information. There’s a comprehensive ISO 27001 risk assessment checklist online.
Gary Jowett from CNC in Brighton says: “Making sure data is managed securely in compliance with the new regulations will be vital for all businesses to avoid hefty fines and in order to do business with large corporations and the public sector. This is instrumental in our decision to prepare for ISO 27001 certification because it shows we have the proper processes in place to protect our customers’ data.”