
Questions? We Take the What, When and How Out of GDPR

Thu, 25/05/2017 - 21:14
Data Protection

With the General Data Protection Regulation (GDPR) set to take effect in a year and a day, Redstor cut back the jargon and give you the answers you need.

What?

GDPR replaces the previous Data Protection Directive (DPD), adopted in 1995, and in the UK will replace and strengthen the Data Protection Act (DPA). One of the initial differences between GDPR and DPD is that GDPR is a regulation, not a directive; as a regulation, it requires no additional enabling legislation to be passed by the governments of member states.

Key points under GDPR include:

  • More focus on the protection of personal data
  • Higher fines for non-compliance (€20 million or 4% of global revenue)
  • Breaches must be reported within 72 hours
  • Organizations will be affected globally

When?

GDPR has been making headlines for some time, and it is more than likely you’ve heard or read about it. The General Data Protection Regulation was first proposed by the European Commission in 2012 and, following lengthy consultation stages and talks, became law in May 2016. At that stage, member states were given a 2-year period in which to become compliant with the regulation.

  • The 2-year period ends on May 25th 2018, when GDPR becomes active.

How?

Each member state is responsible for complying with the Regulation, as this will become European law. Member states then have the power to create additional legislation in certain categories and around ‘special data’.

Each member state or union will have to regulate the new laws, and the relevant supervisory authority will be responsible for investigating data breaches and assigning penalties as necessary:

  • In the UK this is the Information Commissioner's Office (ICO)
  • In Germany this is The Federal Commissioner for Data Protection and Freedom of Information

As the regulation affects all organizations that hold or process data on any European citizen or organization, it has been called the Global Data Protection Regulation by some.

Preparing

To ensure your organization is prepared for GDPR, it is important to gain an understanding of the legislation that will affect you, of your responsibilities and, importantly, of your data.

Organizations are likely to have to implement, or at least update, data protection policies that are in place. It is important to take ‘technical and organizational measures’ to ensure data is protected and the risk of data breach is minimized.

To find out more information around the GDPR and how you can ensure compliance, download the Redstor whitepaper for a complete guide.

Definitions:

Key definitions are set out in Article 4 for the purposes of this regulation.

  • DATA SUBJECT – An individual who is the subject of personal data.
  • DATA PROCESSOR – Any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
  • DATA CONTROLLER – A person who (either alone or jointly or in common with other persons) determines the purpose for which and the manner in which any personal data are, or are to be, processed.
  • PERSONAL DATA – Any information related to a data subject that can be used directly or indirectly to identify that person*.
  • DATA BREACH – A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

*Under GDPR this now covers information including an IP address.

 

 
