GDPR & GDPR Assessment
The EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018. All organisations that process the Personally Identifiable information of EU residents will be required to abide by the provisions of the directive. Your company should conduct a GDPR assessment as soon as possible.
Some of the key requirements to note are as follows:
- If your business is not in the EU, you still have to comply with the Regulation.
- The definition of personal data is broader, bringing more data into the regulated perimeter.
- Consent will be necessary to process children’s data.
- Changes to the rules for obtaining valid consent.
- The appointment of a data protection officer (DPO) will be mandatory for certain companies.
- The introduction of mandatory privacy risk impact assessments.
- New data breach notification requirements.
- The right to be forgotten.
- The international transfer of data.
- Data processor responsibilities.
- Data Portability.
- Privacy by Design.
- One stop shop for compliance.
The penalties for non-compliance are onerous. Breached organisations can expect fines of up to 4% of annual global turnover (NB turnover NOT profit) or €20million – whichever is greater.
Formally approved by the European Parliament in April 2016, it will supersede national laws such as the UK DPA. Brexit will not affect the introduction to the UK and compliance is from 25th May 2018.
CCS can prepare you and your business through our GDPR assessment services and GDPR implementation services. If you would like more information then please Contact Us. You can also watch an excellent (30 minute) Webinar on GDPR here.
BS 10012:2017 Data protection – Specification for a personal information management system
The objective of BS 10012:2017 is to enable organizations to put in place, as part of the overall information governance infrastructure, a personal information management system (PIMS) which provides a framework for maintaining and improving compliance with data protection requirements and good practice.
This latest edition has been written in recognition of the publication of the European Union General Data Protection Regulation (GDPR), that will come into force on 25 May 2018.
Implementing BS 10012 will support many organisations in their implementation of an appropriate “Information Governance” strategy. It will also help in protecting the organisation from the fear of significant fines and reputation damage following non-compliance, as well as helping to reduce the ‘actual’ cost of recovery following privacy breaches.
CCS can prepare you for GDPR and/or BS10012 through our GDPR assessment services and GDPR implementation services. If you would like more information then please Contact Us.