The General Data Protection Regulation, or GDPR, is coming into effect in the UK from 25 May 2018 and will replace the Data Protection Directive of 1995. But what is it? And what does it mean for your business?
The GDPR is designed to improve the safety of web users by extending the scope of current EU data protection law. In effect, this means that all foreign companies processing the data and details of EU citizens must abide by standardized EU regulations designed to keep us safe. The idea behind it all is to give power back to the individual and give people more control over how much of their personal data is stored and what it’s used for. Sounds good, right?
For the average Joe, definitely. For big businesses, not so much. As individuals, GDPR will give us a lot more power to access the information that’s held about us. At the minute, we have to pay a £10 Subject Access Request (SAR) fee to be given the info that’s held about us. This will be scrapped under the GDPR, with companies large and small being forced to let us know what personal data they’ve got within a month. GDPR will also allow individuals to have their data erased if the purpose it was collected for is made redundant or if the consent is withdrawn, putting power back in the hands of the people. GDPR will even enable regulators to fine companies up to four percent of their global turnover if an individual’s data is processed wrongly or accessed by a cyber-intruder in a security breach.
All of this is bound to have a huge impact on how companies store data. Security and privacy will now become the priorities for IT teams creating data storage facilities. Encryption now becomes a must for all companies storing data lest they risk a monumental fine, meaning that, for their employer’s own good, today’s ‘Data Administrators’ need to become Data Guardians once GDPR kicks in.
In addition to this, companies using a cloud-based storage system, or, indeed, a hybrid of on-site and cloud data storage facilities, will need closer contact and liaison with their service providers to ensure the personal data they hold is secure. Cloud service providers will be held as responsible as the respective company holding personal data should there be a breach, so it’s likely we’re about to see greater co-operation between both entities in the future. If the incoming GDPR has you thinking about network security, get in touch with the TechCare team to find out more about our solutions.