In May 2018 the European General Data Protection Regulation will come into force. Organisations that don’t comply with these regulations could face crippling fines and very harmful publicity.
There are already regulations governing how we protect sensitive data; these are wrapped up in the 1995 data protection directive, which the Information Commissioner enforces. The Information Commissioner’s Office, an independent body, has a duty to “uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals”. Punitive fines and negative publicity resulting from data breaches rarely seem to happen at present, but with the more stringent and wide-ranging requirements that GDPR brings into force, this is going to change.
The changes in GDPR 2018
With GDPR, individuals will have greater rights to privacy and will be able to find out what information an organisation holds about them, at no charge. Alongside this, there will be a greater burden of responsibility on organisations to have clear structures for the management of personal information. Whilst most organisations will fall under the remit of GDPR, the bigger organisations are more likely to be prepared; it’s the small organisations which are most likely to fall foul of it. It’s not just obviously personal or sensitive information that matters – any information about a contact falls under GDPR, even where the contact is anonymised in some way, so long as some real information about them is still stored.
What do you need to do?
Security is critical to any organisation’s preparedness for GDPR and has become far and away the biggest concern in ICT today. Clearly, for ESP Projects, security is our focus, and whilst we could write any number of articles about security (and feel free to contact us for help there), the purpose of this article is to flag the importance of GDPR. The best we can do here is give you a steer on where to find more information.
The GDPR regulations themselves are written up in a lengthy and inaccessible document, which we’d recommend you leave for now. If you still haven’t made a start on preparing for GDPR, or want more information, we’d recommend that you start with the reading below:
A very good introduction to the implications of GDPR has just been published by Wired magazine.
The Information Commissioner, as you would expect, has the most useful information. In particular, we recommend that you check out their guide to GDPR and the ICO’s self-assessment checklist.
Update: The ICO has announced a new helpline which will advise charities and SMEs on how to be GDPR compliant by the deadline of 25th May 2018. Call 0303 123 113 and select option 4 for direct access to staff with the expertise to offer support. The line offers assistance with GDPR, but also provides advice on the current regulations that remain in place in the lead-up to 25th May 2018.