GDPR Protecting Personal Data

Tuesday 12th of September 2017

Data loss and theft are a common occurrence, and with the increased reliance on IT it is not a case of if it will affect you, but when.

The Data Protection Regulations have been in force since 1995, in the guise of the Data Protection Act. People that hold our data should, as required by the Act, make sure that any data they hold on us is used fairly and lawfully, and used for limited, specifically stated purposes.

However, the plethora of data uses and the activity that follows from them has led to a mismatch between different pieces of legislation. In 2016, the EU acted and pulled all data privacy requirements into a single piece of legislation that EU member states are obliged to enforce from 2018. As signatories at the time, and under the commitments the UK has made regarding Brexit, we will continue to adhere to these requirements.

The GDPR is a regulation intended to strengthen and unify data protection for all individuals within the EU. It addresses the export of personal data outside the EU. It aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

In addition to the requirements already found in current Data Protection legislation, it will also cover automated analysis (profiling), privacy by design and outsourced activities, and it will include companies based outside the EU that collect or process data on EU citizens.

Working with a range of businesses, we are finding that there is:

  • Sometimes a relaxed attitude to data, its gathering, storage and management. In fact, a survey by the Information Commissioner's Office (ICO) found that only 25% of consumers trust businesses with their personal information.
  • Assumptions about who is responsible within the organisation. The most common comments are "it's IT that look after all that" or "we employ a company to look after all our IT".
  • Assumptions that when outsourcing IT services, the supplier's perceived expertise will protect you.

Data protection can be seen as complicated and bureaucratic. A report from 2015 showed that 80% of European businesses surveyed agreed with this. However, the revised framework for ISO management systems means that organisations can now apply the same governance they use for other performance and risk management systems to Information Security. This makes life more straightforward and easier to understand.

The growing expectation from regulators is that organisations managing data should be able to develop a strategy and policies to understand and manage security risks to their network and information systems, as well as implement methods to avoid cyber-attacks or system failures.

For more information about GDPR, its requirements or ISO 27001, please contact Spedan Ltd on 01908 255 525 or
