Data loss and theft is a common occurrence and with the increased reliance on IT, it’s not a case of if it will affect you, but when.
The Data Protection Regulations have been in force since 1995, in the guise of the Data Protection Act. People that hold our data should, as required by the Act make sure that any data they hold on use is used fairly and lawfully, and used for limited, specifically stated purposes.
However, the plethora of data uses and subsequent activity using data has led to a mis-match on different pieces of legislation. In 2016, the EU acted, and pulled all Data Privacy requirements into a single piece of legislation that the EU member states are obliged to enforce from 2018. As signatories at the time, and under the commitments the UK has made to Brexit, we will continue to adhere to these requirements.
The GDPR is a regulation intended to strengthen and unify data protection for all individuals within the EU. It addresses the export of personal data outside the EU. It aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
In addition to the requirements already found in current Data Protection legislation, it will also look at automated analysis (profiling), privacy by design, outsourced activities and include companies based outside the EU, that collect or process data on EU citizens.
Working with a range of businesses, we are finding that there is,
Data protection can be seen as complicated and bureaucratic. A Report from 2015 showed that 80% of European businesses surveyed agreed with this. However, the revised framework for ISO management systems means that organisations can now adopt the same governance they apply to other performance and risk management systems for Information Security. This makes like more straight-forward and easy to understand.
The growing expectation from regulations is that organisations managing data should be able to develop a strategy and policies to understand and manage security risks to their network and information systems , as well as implement methods to avoid cyber-attacks or system failures.
For more information about GDPR, it's requirements or ISO 27001, please contact Spedan Ltd on 01908 255 525 or email@example.com
Contact Spedan to request further information about our services.