The General Data Protection Regulation (GDPR)

What is the GDPR?

The General Data Protection Regulation (GDPR) is the result of four years of work by the EU to update data protection legislation to suit the way data is currently used inside EU member states.

The most up-to-date legislation in the UK relating to data protection is the Data Protection Act 1998. Whilst this was suitable nearly 20 years ago, the way data is processed has changed significantly, so updated legislation is required. The GDPR introduces tougher fines for non-compliance and breaches, and gives individuals more say over how companies can use their data. The GDPR also means that data protection rules will be near identical throughout EU member states, which the EU estimates will save businesses a collective €2 billion a year thanks to the less complicated legal environment throughout the single market.

When does the GDPR apply?

The GDPR will apply in all EU member states from 25 May 2018. Whilst it came into force on 24 May 2016, after all parts of the EU agreed to the final text, businesses and organisations have until 25 May 2018 before the law actually applies to them. Organisations based in the United Kingdom will have to comply with the new regulations if they wish to trade with other organisations that are within the EU.

How does the GDPR affect Individuals?

As an individual, this new regulation puts you in the driving seat. The GDPR gives you eight rights that aim to provide total control over what can be done with your data:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

How does the GDPR affect businesses?

As a business, if your company holds any personal data covered under GDPR, you must ensure that the individuals have provided consent to process, control and securely store their data, depending on what you are trying to do with it. Failure to comply with the new regulations can land a fine of up to €20 million or 4% of annual global turnover, whichever is greater.

For the majority of businesses with no current regulation, new procedures and controls will need to be put in place to ensure that the entire business is in compliance with GDPR at all times. However, if a best-practice model is followed, or your business is accredited to certifications such as ISO 27001, changes may be minimal. The following covers a typical GDPR review process:

  • Individual
  • Data Content
  • Data Storage Devices
  • Geography
  • Compliance, Monitoring and Reporting Tools
  • Legislation, Rules and Regulations
  • Procedures
  • Governance, Organisation and Responsibilities 
  • Fines and Penalties

For more information on the GDPR and how Raycon can help your business comply with the new regulations, please get in touch via our Contact Page.

Why is IT Security critical to your business?

In a modern IT world, where many devices are connected to the internet (Internet of Things - IoT), the possibility of data theft, ransom or corruption is higher than in the past, when the internet was less prevalent. Only you know the value of the data on your systems and the impact on your business of losing it. New regulations are continuously being developed and updated at both government level and sector regulator level, with many new and updated requirements being issued in Q1 2018.

How can Raycon help secure your business data?

Raycon is currently completing ISO 27001. We have considerable experience in IT security in areas such as:

Disaster Recovery & Business Continuity

Covers regularly backing up your operational data and storing your system data so that they can be restored in the event of a disaster. It also covers planning for systems recovery in the event of a major operational disaster, allowing rapid recovery of the business process.

Secure Remote Access

As flexible and remote working continue to evolve, security of data and restrictions on remote access become major issues. Raycon has experience in developing specific solutions to provide greater security.

Secure System Monitoring

As an add-on to our Remote Monitoring & Management (RMM) service, secure monitoring is available for both office and cloud-based servers.

Cyber Essentials Certification

This is a basic level of security compliance, typically required if trading with or in the public sector.

Security Health Check

This involves reviewing existing IT infrastructure and preparing a report indicating the status of the primary hardware and software being used to protect the site, such as firewalls and antivirus.

Data Audit

Unlike the Security Health Check, this focuses on the data being stored on your systems.

Technology Review & Upgrade

This specifically looks at software and hardware technology, such as the age, specification and performance of servers, along with checking which versions of software such as Office are being used.

GDPR Audit

GDPR is the new regulation that becomes operational in May 2018 to cover the input and storage of data. This covers all aspects of data, including data storage, transmission, processing and procedures relating to data input, access and storage, as well as security aspects of IT systems.

Website Security

Ensuring that your website stays up to date with the latest security patches/fixes and technical updates, both on the host server and on the website Content Management System (CMS).

For more details on any of the services we offer, please get in touch via the Contact Page.