GDPR

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation which is intended to strengthen and unify data protection for all individuals within the EU. It will come into effect on the 25th May 2018 and immediately replace the UK Data Protection Act (DPA).

While the current UK DPA already includes the vast majority of the provisions found in GDPR, many of these have been strengthened, and the maximum fine has been raised to 20 or 4% of global revenues (whichever is higher).

Brexit

Brexit will have no bearing on GDPR, as any company that carries out business within the EU or holds any personal information on an EU citizen will need to comply with GDPR. More importantly, the UK Information Commissioner’s Office (ICO) intends to enforce the rules anyway.

Compliance

There is currently no certification or accreditation for GDPR, which means that there is no formal way to be certified as GDPR compliant. If you do misuse, leak or lose any personal data, the ICO will take into account the processes, workflows and security you have put in place for GDPR when determining the size of any fine.

Resources

MT Services GDPR Guide for SMEs

ICO Preparing for the GDPR 12 Steps

ICO Overview of the GDPR

ICO SME IT Security Practical Guide

ICO PIA Code of Practice

ICO Privacy Notices Transparency and Control

ICO GDPR Consent Guidance (Consultation)

HM Government Cyber Essentials Requirements

HM Government Cyber Essentials Common Questionnaire

EU GDPR Regulation Document

EU Working Party DPO Guidelines

EU Working party DPIA Guidelines

EU Working Party Data Portability Guidelines

EU Guidelines on the application and setting of administrative fines

EU Guidelines for identifying a controller or processor’s lead supervisory authority

EU Guidelines on Personal data breach notification