The General Data Protection Regulation (GDPR) was introduced in 2018 and forms controls for personal data privacy. In 2016, in an effort to make data protection more comprehensive, the EU combined all Data Privacy requirements into a single piece of legislation that the EU member states were obliged to enforce from 2018.
Under the commitments the UK has made to the European Union, we will continue to honour and adhere to these requirements although in large part, they reflect our own data protection regulations that have been in force since 1995, in the guise of the Data Protection Act. Under the Data Protection Act, organisations that hold our data should ensure that any data they hold is done so fairly and lawfully, and used for limited and specifically stated purposes.
The GDPR is a regulation intended to strengthen and unify data protection for all individuals within the EU. It addresses the export of personal data outside the EU. It aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international businesses.
In addition to the requirements already found in current Data Protection legislation, it addresses issues such as automated analysis (profiling), privacy by design, outsourced activities and includes companies based outside the EU, that collect or process data on EU citizens.
Working with a range of businesses, we are finding that there is:
A report from 2015 showed that 80% of European businesses surveyed percieved data protection to be complicated and bureaucratic. However, the growing expectation from consumers and individuals, especially with the introduction of GDPR, is that organisations should have strategies and policies to manage their data and thus avoid cyber attacks or system failures. The revised framework for ISO management systems means that organisations can adopt a similar structure of governance for Information Security that they currently apply to their Quality or Health and Safety, and thus provide the levels of assurance they should.
Further information on the GDPR can be found on the Information Commissioner's Office website which maintains some useful resources and materials to help you understand the GDPR more thoroughly.
Related Articles
Comparing Cyber Essentials to ISO 27001Adam has been working on Quality and Environmental management systems for most of his career in small, medium and corporate organisations. A keen advocate of the ISO approach as a platform for improvement, Adam ensures that systems are practical and useful for Managers and Staff to use.
Following a number of years working on software development projects, Adam has diversified into Information Security and Business Continuity management. Keen to formalise his industry experience, he is currently undertaking a Diploma in Business Continuity Management at Buckingham University.
Adam has a PhD from Cranfield University and now supports the MSc Environmental Management programmes through the advisory panel and visiting lectures.
If you have any further questions or want to learn more about what we can do for your business, please contact us using the link or details below:
CONTACT USTel: 01908 255 525
Email: sales@spedan.co.uk