A recent IT Security survey found that 61% of UK companies don't realise that the new Regulation applies to them. A further study has shown that 21% of senior management have little or no awareness of the effect that the GDPR will have on their organisation, while 31% of the companies questioned had experienced an incident in the last 12 months due to staff negligence or bad practice.

It is essential that companies are made aware of the changes and new obligations in the legislation by May 2018, and time is running out.

The Regulation contains new rights for people to access the information companies hold about them, obligations for better data management and a new regime of fines. Incidents with serious consequences can attract fines of up to €20 million or 4% of a firm's global turnover, whichever is greater.

Companies covered by the GDPR will be more accountable for the handling of people's personal information. This will include having data protection policies, data protection impact assessments and data mapping showing how the data is processed.

Companies will need to obtain consent and demonstrate why people's information is being collected and processed, providing descriptions of the information that is held, how long it is being kept for and descriptions of the technical security measures in place.

As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals more power to access the information that is held about them free of charge.

To help prepare for the GDPR, the ICO has created a 12-step guide which includes steps such as making key people aware of the Regulation, determining what information is held, reviewing current privacy notices, identifying the lawful basis for processing the data and deciding what should happen in the event of a data breach.

Chapter Three Consulting are a business support consultancy who provide specialist compliance knowledge and GDPR expertise. As an ISO accredited organisation, their consultants are able to assist in auditing, supporting the implementation of any changes required and maintaining ongoing compliance.

For further information contact us on 0330 004 0020 or email info@c3c.co.uk