Are you ready for GDPR?

With the EU's grace period rapidly running out, and maximum fines of up to €20 Million (or 4% of global turnover) in event of a breach, there is a lot at stake for companies falling behind the May 2018 deadline.

It has been nearly 20 years since the UK’s data protection laws were last updated, in the form of the Data Protection Act 1998. That legislation was intended to bring UK law into line with the EU’s Data Protection Directive, which was introduced in 1995. Since then, our mobile phones have become miniature computers and we have witnessed the proliferation of internet devices, the birth of online banking, online retail and the growth of entirely new industries based on the use of our personal data.

General Data Protection Regulation (GDPR)

To meet the evolving needs of data protection, the GDPR was developed to give citizens back control of their personal data - strengthening and unifying data protection for individuals within the EU, whilst addressing the export of personal data outside the EU. With the demise of Safe Harbour, companies that export and handle the personal data of European citizens will also need to comply with the new requirements put forth or be subject to consequences.

GDPR Compliance Assessment

According to recent research, over half of businesses lack preparedness for the GDPR. The GDPR Compliance Assessment by Infosec Partners helps organisations achieve compliance to the GDPR. Performing a thorough review of security policies and infrastructure in place, as well as agreements with 3rd party suppliers which may process data on their behalf, we identify and gaps to compliance and provide a clear path to bridge the gap.

1. Be able to demonstrate you can react quickly to a breach.
2. Establish a framework for accountability
3. Ensure Privacy by Design is embedded into processes and products.
4. Be aware of how much personally identifiable information (PII) you process. 
5. Ensure your privacy notices and policies are clear and easy to understand.
6. Consider the rights of data subjects.
7. If you are a supplier, consider whether you have new obligations. If you use suppliers, consider how they manage your client data.
8. Review the need for cross-border international data transfers.