We can hide from it but truth is the new General Data Protection Regulations (GDPR) are coming into effect on 25th May 2018, these new regulations affect the personal data that every business processes, further more the definition of Personal Data has changed.

What is the definition of Personal Data?

The GDPR changes the definition of personal data, it is fair to say that information you would previously not have classified as Personal Data will be under the GDPR.

GDPR Article 4.1 - Definition of Personal Data ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Countdown to GDPR becoming active

Day(s)

:

Hour(s)

:

Minute(s)

:

Second(s)

No need to panic if you are not ready, there are no immediate fines,
but you should think about protecting your data and we are here to help.

What do you need to do?

This is different for every business but there is some common ground, the very first thing that you need to do is a DPIA (Data Protection Impact Assessment), in its simplist form this is a list of all the different types of personal data you process, why you process it, on what legal basis you process and how you protect and manage it, you may remember from a previous post we described the GDPR as a “risk based regulatory framework”, with that in mind you need to put policies and procedures into place to reduce your liability by reducing any potential damages to the rights and freedoms of any person.

Once you have your DPIA then you can question if you actually need the data and then minimise the personal data that you hold and protect it.

Security by design

GDPR states that security should be by design and with the current technologies available but without involving unrealistic costs, some of the security measures you can implement can be done very cost effectively, for example ‘Access Permissions’ only giving access to those that actually need access, another measure may be disk encryption, if enabling disk encryption then there are some specific guidelines from the NCSC (National Cyber Security Centre) which should be implemented, if you need assistance implementing protection then please get in contact.

Our Top Tip!

A Cyber Essentials Certificate is a great way for you to ensure and demonstrate that you have taken adequate security measures on your computers to keep them safe from Cyber Threats.

Further Reading

Below are some more blog posts that may be of interest to you.

Some Help with Passwords!

We all have passwords for everything we do these days, we’re told to make them complex and then we forget them, so we write them on a post-it note and attach it to our screens! or write it in the back of our diary backwards because nobody else does that...

GDPR is coming!

We can hide from it but truth is the new General Data Protection Regulations (GDPR) are coming into effect on 25th May 2018, these new regulations affect the personal data that every business processes, further more the definition of Personal Data has...

Small Business Cyber Security Risk

Small businesses are as much risk as bigger businesses, you may remember that in 2017 the NHS was attacked by the WannaCry Ransomeware, despite having dedicated IT staff and plenty of resources they were still forced to cancel appointments and operations...

The Annoying OPT-IN Message

What’s with all these OPT-IN Messages? Like me you are probably receiving OPT-IN messages everyday, claiming that because of the General Data Protection Regulations (GDPR) coming into effect on 25 May 2018 that they now need your “Consent” to continue...

What this GDPR then?

GDPR is the General Data Protection Regulations (GDPR) that come into effect on 25th May 2018, it is the biggest change to Data Protection in 20 years and is long overdue, the amount of personal data we process and the way we process it has changed vastly and all...