What is GDPR?
GDPR is a regulation which will strengthen and unify data protection for all individuals within the European Union. Currently, the UK relies on the Data Protection Act (DPA) 1998, but this will be replaced by the new legislation.
It introduces tough fines for non-compliance and data breaches, and gives people more say over what companies can do with their data. The legislation impacts consumer data and business contacts data, click here for b2b information from the DMA.
Why is GDPR necessary?
The EU wants to achieve the following primary goals:
- Give people more control over how their data is used by businesses
- Provide people with peace of mind through data being securely stored & protected from hackers
- Ensure email marketers address how they pursue, obtain, and document consent where it is needed
The current legislation was enacted before the internet and cloud technology created new ways of exploiting data, and the GDPR seeks to address that. By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.
What type company does GDPR apply to?
GDPR applies to any company that stores customer and prospective customer data, this includes data in mailboxes, servers or on the cloud.
There are data ‘controllers’ and ‘processors’. The controller says how and why data is processed and the processor stores the data. If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to securely store and protect data, maintain records of data as well as log details of all processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
How totality services can help?
totality services can ensure your business is GDPR compliant for ‘Information security’ requirements. Our solutions include:
- IT Security risk assessment of all systems and software
- Anti-virus & Anti-malware software for Workstations & Servers
- Central Security Management
- Enforced daily virus and malware scans on all Workstations
- Our helpdesk team is automatically & instantly made aware of any security threats (viruses & malware) on Workstations & Servers
- Multi-Factor Authentication for Office 365 & G-Suite
- Encryption software for Workstations, NAS devices & Servers
- Data backup solutions for Office 365, G-Suite, NAS devices & Servers
- Hosted Active Directory for security
- Includes automated user password resets, workstation Operating System updates, screen locking after a defined period, single user sign-on credentials for all systems / software and much more
Other GDPR solutions we offer may be required depending on systems used.
When GDPR is enforced from 25 May 2018, breached organisations will find the fines they face increasing dramatically. Penalties will reach an upper limit of €20 million or 4% or annual global turnover – whichever is higher.
For many businesses, the threat of insolvency or even closure because of GDPR penalties will soon be very real.
Get in touch
If you need help with achieving GDPR compliance please get in touch and we’ll be happy to assist.