News

Questions? We Take the What, When and How Out of GDPR

Thu, 25/05/2017 - 21:13
Redstor_GDPR
Data Protection

With the General Data Protection Regulation (GDPR) set to take effect in a year and a day, Redstor cut back the jargon and give you the answers you need.

What?

GDPR, replaces the previous Data Protection Directive (DPD), adopted in 1995, and will in the UK, replace and strengthen the Data Protection Act (DPA). One of the initial differences between GDPR and DPD, is that GDPR is a regulation not a directive; as a regulation, no additional enabling legislation will have to be passed by governments of member states.

Key points under GDPR include:

  • More focus on the protection of personal data
  • Higher fines for non-compliance (€20 million or 4% of global revenue)
  • Breach notifications must be reported in 72 hours.
  • Organizations will be effected globally

When?

GDPR has been making headlines for some time and it is more than likely you’ve heard or read about it. The General Data Protection Regulation, was first proposed by the European Commission in 2012 and following lengthy consultancy stages and talks became law in May 2016. At this stage member states were given a 2-year period in which to become compliant with the regulation.

  • The 2-year period ends on May 25th 2018, when GDPR becomes active.

How?

Each member state is responsible for complying with the Regulation as this will become European Law, they then have the powers to create additional legislation in certain categories and around ‘special data’.

Each member state or union will have to regulate the new laws and the relevant supervisory authority will be responsible for investigating data breaches and assigning penalties as necessary

  • In the UK this is the Information Commissioners Office (ICO)
  • In Germany this is The Federal Commissioner for Data Protection and Freedom of Information

As the regulation effects all organizations who hold or process data on any European citizen or organization, it has been called the Global Data Protection Regulation by some.

Preparing

To ensure your organization is prepared for GDPR it is important to gain an understanding of the legislation that will affect you, your responsibilities and importantly of your data.

Organizations are likely to have to implement, or at least update, data protection policies that are in place. It is important to take ‘technical and organizational measures’ to ensure data is protected and the risk of data breach is minimized.

To find out more information around the GDPR and how you can ensure compliance, download the Redstor whitepaper for a complete guide.

Definitions:

Key definitions are set out in Article 4 for the purposes of this regulation.

  • DATA SUBJECT – An individual who is the subject of personal data.
  • DATA PROCESSOR – Any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
  • DATA CONTROLLER – A person who (either alone or jointly or in common with other persons) determines the purpose for which and the manner in which any personal data are, or are to be, processed.
  • PERSONAL DATA – Any information related to a data subject that can be used directly or indirectly to identify that person*.
  • DATA BREACH – A data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

*Under GDPR this now covers information including an IP address.

 

 

Recent Articles

Redstor_Wannacry_blog Ransomware

WannaCry A Year On

Ransomware attacks took up many headlines throughout 2016 and 2017 as their quantity and effect became widespread, costing organisations and... read more

May 16, 2018
Redstor_Equifax_leak_blog Disaster Recovery

Equifax – The Breach That Keeps Getting Bigger

Last year in September 2017 Equifax revealed that they had numerous data files stolen by hackers. The Credit Ratings agency initially at the time... read more

May 15, 2018
Redstor_future_lawyer_summit_blog Redstor

Redstor Looking Ahead At The Future Lawyer Summit

On the 29th May, representatives from Redstor will attend London’s Future Lawyer Summit, a highly regarded conference, as an exhibitor. The one-day... read more

May 11, 2018