General Data Protection Regulation

What is GDPR?

General Data Protection Regulation (GDPR) is new data protection legislation that was approved and implemented by the European Parliament in April 2016. As European Law, it will fully take effect after a 2-year transition, ending May 25th 2018.

GDPR replaces the previous European Data Protection Directive (DPD), adopted in 1995, and in the UK it will replace the Data Protection Act (DPA). One of the initial differences between GDPR and DPD, is that GDPR is a regulation not a directive; as a regulation, no additional legislation must be passed by governments of member states for it to come into effect. While containing many prescriptive requirements, such as documenting IT procedures, performing risk assessments, defining data collection and retention policies and notifying authorities of breaches, the GDPR is more descriptive than prescriptive.

How will GDPR affect my business?

Businesses of all sizes will need to prepare for GDPR and be able to demonstrate compliance. One of the main differences between GDPR and the Data Protection Act (DPA) is the transparency that businesses will need to provide to the enforcing authority. In the UK this authority is the Information Commissioner’s Office (ICO).

The main changes to data protection regulation that businesses will need to be aware of are:

  • Harsher penalties for noncompliance

  • A requirement for increased auditing and reporting

  • Increased responsibility placed on data processors

  • Increased individual rights i.e. the right to be forgotten and subject data requests

  • Extraterritoriality

The cost of non-compliance

The ICO will be the regulatory body that enforces the GDPR in the UK. One of their functions is to administer fines for non-compliance. The fines can be substantially larger under GDPR than under the Data Protection Act. They can be as high as €20 million or 4% of Global Turnover, whichever is greater, for a data breach. The ICO will also have a vested interest in administering fines as they will be funded by the fines they administer.


How Redstor can help?

Redstor are ISO 27001 and 9001 certified and have almost 20-years’ experience in managing and protecting data across multiple platforms for organisations of all sizes, from Enterprises to SMEs to schools. Redstor have designed and implemented well-documented data protection policies that ensure all aspects of the General Data Protection Regulation are upheld with regards to backup data and working with data processors.

Redstor have the ability to give insight into the data organisations have on their networks, advise on best practice to protect data and then implement strategies around backup, archiving and disaster recovery.

In addition to this, we will be partnering with GDPR365 to help our customers and partners prepare for the introduction of GDPR. GDPR365 will enable companies to get their compliance documentation in order, train employees and manage direct marketing, HR and IT services with ease. Furthermore, GDPR365 provides organisations with a means of managing data subject access requests and provides a framework for reporting breaches in the security of your personal data.


Have a question about GDPR?