The General Data Protection Regulation (GDPR) sets out the controls that organisations must apply to the personal data they hold. It was adopted by the EU in 2016, consolidating the data protection requirements of the member states into a single piece of legislation, and became enforceable across the EU on 25 May 2018.
Under the commitments the UK has made to the European Union, we will continue to honour and adhere to these requirements. In large part they reflect the data protection regime the UK has operated since the 1995 EU Data Protection Directive, implemented here as the Data Protection Act 1998. Under the Data Protection Act, organisations holding our data must process it fairly and lawfully, and use it only for limited and specifically stated purposes.
The GDPR is intended to strengthen and unify data protection for all individuals within the EU, and it also governs the transfer of personal data outside the EU. Its primary aims are to give citizens and residents control over their personal data and to simplify the regulatory environment for international businesses.
In addition to the requirements already found in existing data protection legislation, it addresses automated decision-making and profiling, privacy by design, and outsourced processing, and it applies to companies based outside the EU that collect or process data on individuals in the EU.
Working with a range of businesses, we are finding that there is:
A report from 2015 showed that 80% of European businesses surveyed perceived data protection to be complicated and bureaucratic. However, the growing expectation from consumers and individuals, especially since the introduction of the GDPR, is that organisations should have strategies and policies for managing their data, and so reduce the likelihood and impact of cyber attacks or system failures. The revised common structure for ISO management system standards means that organisations can adopt the same governance model for information security (ISO 27001) that they already apply to quality or health and safety, and thus provide the levels of assurance they should.
Further information on the GDPR can be found on the Information Commissioner's Office website, which maintains useful resources and materials to help you understand the GDPR more thoroughly.