Happy New Year! Welcome in the GDPR
You know what it’s like, the New Year celebrations are done and its back the realities of work. Part of that reality for 2018 is the enforcement of the GDPR that starts on the 25th May. You’re probably familiar with the basics, but just in case here is the GDPR in 59 words.
The General Data Protection Regulation replaces the Data Protection Act. It extends the definition of personal data and sets tougher sanctions for non-compliance. A new right, Data Portability, allows individuals to take personal data from one organisation to another. Organisations must take a risk management approach to data protection and some are mandated to have a Data Protection Officer.
There’s quite a lot more to it of course and the Regulation is not light reading by any means.
It’s important to recognise that that GDPR has been designed as a set of practical regulations. Let’s take data breaches, the GDPR sets out that there are three classes of breach and then mentions a deadline of 72 hours for a breach to be reported to the supervisory authority (the ICO in the UK).
With the emphasis on risk management though, only breaches that present a risk to peoples’ rights and freedoms must be notified. This was confirmed by Elizabeth Denham, the Information Commissioner back in September of last year.
Data mapping is the key to this risk assessment and its one of the most important things you can do to prepare for compliance. It’s about understanding how personal data flows through the systems and processes of your organisation. From this map, you’ll be able to see the potential risks to ensure the proper security in in place. In the event of a breach you’ll be able to know what data has been compromised and where suspect data can end up.
To see how we can help you be prepared click here
