Demonstrate GDPR Compliance

The General Data Protection Regulation governs how organisations use, process and protect data. The law, which came into effect on May 25th, 2018, now forms the Data Protection Act (2018) and is enforced by the Information Commissioner's Office, in the UK.

Article 4

Key definitions under the general data protection regulation

  • A data subject is the individual who is the subject of personal data
  • A data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data
  • A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Article 32

Security of processing data

Article 32 sets out conditions for the security of processing data under the GDPR and is vital for customer-facing organisations, service providers and suppliers.

Controllers and processors must implement ‘technical and organisational measures to ensure a level of security appropriate to risk’, so risks such as ransomware or a natural disaster should be accounted for. The measures named include:

  • Pseudonymisation and encryption
  • The ability to ensure ongoing confidentiality
  • The ability to restore availability and access to data

The GDPR will affect all businesses, organisations and individuals within the EU. For organisations that are not compliant there is not only a higher risk of suffering a data breach, but a real risk of damaged reputation and a lack of customer confidence. Being compliant will set you apart; being non-compliant will drag you down.

Supervisory authorities can take action in several ways to reprimand organisations for non-compliance. The fines that can now be given for a major data breach can be up to €20 million or 4% of global turnover, whichever is higher.