On the 25th January, we welcomed almost 60 delegates to Mirus IT for our 4th GDPR Explained Knowledge Academy. The Knowledge Academy is our quarterly business learning event where we bring industry experts in to deliver the latest updates on subjects that are impacting businesses and technology.
With the countdown to GDPR on the 25th May 2018 quickly approaching, our delegates were keen to learn how GDPR is going to affect them.
This quarter we had the pleasure of learning from Matthew Holman, Principal of EMW Law, Tony Pullin from Papercut distributor ITS and our resident Cyber Essentials expert Darren Challender. Here are a few key points you should be considering regarding compliance that you might not have thought about:
- GDPR is going to hit the ground running and so should you! Many people don’t realise that GDPR was adopted in April 2016, with the final definitions of the regulations being published in May. It’s at this point that the regulations become enforceable. This means that the ICO will be acting straight away and will have expected you to be prepared for this date. If you’re not ready, or at least have not made a significant effort to become compliant by the 25th May, then you could find yourself in hot water.
- Brexit will not stop GDPR. The regulations are effective where the data relates to a European citizen; the changes in the UK’s relationship with the EU under Brexit are not going to stop the regulations from happening. In fact, it’s completely possible that the UK will make additions on top of the new regulations.
- GDPR relates to all data, not just the digital data you hold. Whilst it may be the growth of digital data and our hyper-connected world that has driven the need to update the outdated Data Protection Act of 1998, it certainly isn’t the only data in question. It’d be very easy to believe that it’s just your digital data that is the focus of GDPR. All data in your business should be treated as an asset, and the essential measures taken to ensure all data is protected, be that digitally or in print. With this in mind, secure printing solutions to manage offline data were discussed at the event.
- All businesses need to fully understand consent, or they are placing their entire organisation at risk! Possibly the biggest talking point at the event was the topic of ‘consent’, or Article 7. Personal data will be categorised as either a general wide scope of information, such as name, email address, telephone number, through to sensitive information such as age, race or religion. Businesses must be transparent, clear and direct with their data collection methods in order to be data compliant. Companies will have to change the way they work. If a company requires personal information, the reason for requiring that information must be very clearly defined, and each data subject must clearly understand what that data is intended for and how it will be used. Clarity of purpose is paramount.
- Obtaining the Government’s Cyber Essentials Certification is a great first step towards compliance and, in some instances, might be officially required by your clients or partners. Designed by the government to help organisations become secure, the programme covers many of the technical points that the ICO will look at should you report a breach. Owning a Cyber Essentials or Cyber Essentials Plus certification demonstrates your commitment to your data protection. If you’re a service provider, this takes on a whole new perspective too: under the old Data Protection Act, responsibility could be laid at the data owner/controller’s door, but as of May 2018, the data handler/processor is now equally liable to suffer should they be the source of a breach. You can bet your 4% of annual turnover that more and more prospective clients are going to be seeking the Certification as a requirement before doing business with you.
Since the announcement of GDPR, Mirus have been helping our clients prepare for 25th May and are certified to provide services to help businesses gain the Cyber Essentials Certification and maintain that certification as part of a Managed Security Service. To find out more about protecting your business, complete the form below and a member of our team will be in touch.
Do you want to attend our next GDPR Knowledge Academy on Tuesday 24th April? Please book your space here.