In line with the upcoming General Data Protection Regulation (GDPR), Matt Hancock, Digital Minister, has announced plans for a new Data Bill set to strengthen current data protection laws in the UK. The GDPR has been making headlines across the globe in the last 18 months, but with less than 8 months until the deadline for compliance, the UK government has begun the process of making the regulation UK law.
Among the noise of Brexit negotiations, some chose to believe that the GDPR might not have much effect on UK-based organisations; several months ago, it was reported that more than 40% of companies were not aware of or prepared for the GDPR coming into place. However, with the regulation set to affect all organisations that trade with or hold data regarding European Citizens, Brexit or not, non-compliance is not an option.
The statement of intent published by the Department for Digital, Culture, Media & Sport on August 7th lays out an overview of the planned reforms to data protection in the new Data Protection Bill. Among many changes, one which has been heavily publicised is the increase in the fine that can be given as punishment for not complying with data laws. Previously, under the Data Protection Act (DPA), an organisation could be given a fine of up to £500,000 for a serious breach; this figure is now £17m or 4% of global revenue.
With the regulation set to come into place early next year across Europe, each state will be charged with enforcing the new laws; the Information Commissioner's Office will be responsible for this in the UK. Key changes under the new data protection bill include:
While some of the changes may seem drastic, it is important to remember that the DPA is almost 20 years old and to consider the technological advancements that have come within that time.
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world.” – Matt Hancock
To comply with GDPR, it is important to understand which parts are likely to affect you or your organisation. For example, some but not all organisations will have to consider employing a person in the position of Data Protection Officer to help with compliance.
An area that all organisations will have to comply with is updating processes around consent to the use of personal data. Organisations must be given clear and ‘unambiguous’ consent and must ensure that the purpose of data collection is clear and available. Processes must also be put in place to track consent and to allow the data subject to withdraw it easily.
Due diligence must also be taken by organisations to ensure that the managed service providers and contractors they work with are not putting the organisation at risk of a data breach. It is stated in the regulation that ‘technical and organisational measures’ must have been taken.
A DPO’s primary focus will be to inform and advise an organisation and its employees about their obligation to comply with the GDPR and other data protection laws. This includes monitoring compliance with the GDPR and other data protection laws, training staff and conducting internal audits. They must report to the highest level of management and cannot perform the role if they hold another role that could create a conflict of interest.
Under the regulation, organisations must appoint a DPO if they are a public authority, carry out monitoring of individuals on a large scale or process special categories of data on a large scale.
Redstor will be partnering with GDPR365 to ensure all organisations are prepared for the new Data Protection Bill and the GDPR. GDPR365 gives organisations a platform to review and organise their processes to ensure they are GDPR compliant and to provide a framework for new documentation needed under the regulation.