GDPR
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation that is intended to strengthen and unify data protection for all individuals within the EU. It will come into effect on 25 May 2018 and immediately replace the UK Data Protection Act (DPA).
While the current UK DPA already includes the vast majority of the requirements contained in GDPR, many of these have been strengthened, and the maximum fine has been raised to €20 million or 4% of global revenues (whichever is higher).
Brexit
Brexit will have no bearing on GDPR, as any company that carries out business within the EU or holds any personal information on an EU citizen will need to comply with GDPR. More importantly, the UK Information Commissioner's Office (ICO) intends to enforce the rules anyway.
Compliance
There is currently no certification or accreditation for GDPR, which means that you cannot formally "achieve" GDPR compliance. If you do misuse, leak or lose any personal data, the ICO will take into account the processes, workflows and security you have put in place for GDPR when determining the size of any fine.
Resources
MT Services GDPR Guide for SMEs
ICO Preparing for the GDPR 12 Steps
ICO SME IT Security Practical Guide
ICO Privacy Notices Transparency and Control
ICO GDPR Consent Guidance (Consultation)
HM Government Cyber Essentials Requirements
HM Government Cyber Essentials Common Questionnaire
EU Working Party DPO Guidelines
EU Working Party DPIA Guidelines
EU Working Party Data Portability Guidelines
EU Guidelines on the application and setting of administrative fines
EU Guidelines for identifying a controller or processor’s lead supervisory authority