What is the GDPR?
The General Data Protection Regulation (GDPR) is a Regulation created by the European Commission to strengthen and unify data protection for individuals within the European Union (EU), and it also addresses the export of personal data outside the EU. The aim is to give control of personal data back to the public and to unify the regulation across the EU.
Who does the GDPR apply to?
The GDPR applies to businesses handling personal data. These businesses are split into two categories: ‘controllers’ and ‘processors’. The ‘controller’ says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the Data Protection Act (DPA), it is likely that you will also be subject to the GDPR.
What does this mean to UK Businesses?
In a statement, the ICO emphasised that if the UK wanted to trade with the single market on equal terms, it would have to prove “adequacy” – this means that, from 2018, when the GDPR takes effect, the UK’s own data protection standards would have to be seen as equivalent to the EU’s GDPR framework in order to avoid hefty fines.
What should I be doing, as a business that handles data and information assets?
The ICO has published a GDPR Preparation Document to help businesses understand what will be required. ISO 27001 is also a great place to start. This internationally recognised information security management system standard has been created by industry experts from across the globe to help businesses put robust data protection processes in place. It will identify areas for improvement, enabling you to set out an action plan to get your organisation to the standard it needs to be.
Also, once you have the correct processes in place, and these have been reviewed by a qualified auditor, you can demonstrate your compliance to interested parties by displaying the ISO 27001 Logo and Certification on your.