GDPR came into force in May 2018. It impacts all businesses across the European Union regardless of Brexit. The General Data Protection Regulation (GDPR) brings the Data Protection Act (1998) up to date with current technologies. All businesses are included, from the major corporation through to the one-man band.
Major corporations will already have their own compliance teams in place dealing with things like ISO 27001. For them, GDPR slots nicely into an existing governance regime.
For smaller organisations that cannot afford the resources of the major companies, dealing with GDPR is a nightmare of contradictory information.
We aim to cut through all that and provide you with a clear path to GDPR compliance that is both effective and affordable.
We start with a free, no obligation consultation. Here we discuss in more depth how the process works and give you a better understanding of just what GDPR is and your obligations under the regulation.
We will then agree an approach to move this forward that is tailored to you. Many companies want us to complete the entire compliance exercise for them; others are happy to pick and choose, completing certain elements themselves.
GDPR compliance is a moving target. As new systems are introduced or upgraded, it is important to check that they will not expose you to a breach. This will require an impact assessment. In most cases this would be ‘light touch’, but occasionally it will require more. You will also need someone who can deal with any Subject Access Requests and act as a point of contact for the Supervisory Authority. We can help with that too.
Scary figures, we know. In reality, administrative fines will be assessed on a case-by-case basis.
The regulation says they must be effective, proportionate and dissuasive, but the nature and circumstances of the breach, as well as the number of data subjects involved, will be taken into account.
This headline-grabbing figure is the maximum administrative fine that can be imposed if the breach involved special category data – that includes things like medical information, trade union affiliation etc. So, although theoretically possible, we would be surprised to see fines of this size being imposed.
The best way of gauging this is to look at the Information Commissioner's website, under the ‘actions we have taken’ section, to see what fines are being imposed under the current act. Be aware that the Information Commissioner is responsible for enforcement under a number of regulations; not all actions have been taken under GDPR.
Cyber Essentials is an official, UK-wide, government-backed certification that helps companies guard against the most common cyber threats and reduce their risk by at least 80%. It also allows you to demonstrate your commitment to cyber security to prospective customers.
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organisations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.