
5 GDPR Requirements you need to be aware of before May 2018.

by | Dec 19, 2017 | IT Security, News

The GDPR is set to replace the Data Protection Act on 25th May 2018. The new regulation seeks to ensure that all companies within the EU (and those who trade within the EU) follow the same set of rules when it comes to protecting their clients’ personal data. It is highly important that all companies take measures to prepare for the new regulation well in advance of its implementation. As such, we’ve put together 5 of the most important GDPR requirements that you should be aware of:

1. Explicit Consent

Under the new General Data Protection Regulation, companies must provide their clients or customers with the opportunity to explicitly consent to the storage of their personal information. Unlike the DPA, a simple ‘opt out’ clause will not suffice. Customers will have to actively express their consent for a company to have the right to store and process their information, rather than this being a given that they can choose to opt out of later. Customers will need to provide consent for each individual piece of information, rather than bundling it as a whole. The idea is that individuals have more freedom over the type of information that companies store about them, and can choose to retract their consent at any point.

2. Demonstration of Compliance

It won’t be enough for companies to simply comply with the GDPR; they must also be able to prove the ways in which they comply. This will mean clarifying data security policies and training every member of staff so that they understand the importance of following these policies. Companies will also need to be able to provide proof of how they store each individual piece of information, if they are asked to do so.

3. Data Breach Reporting

In theory, if companies are compliant with the GDPR, they are unlikely to fall victim to data breaches. However, if a company does suffer a data breach, they will need to report it to the supervising authorities and the individuals affected within 72 hours of it happening. Failure to do so could result in penalties that are even tougher than the existing fines for failing to comply with the GDPR.

4. Liability Extends Beyond Controllers

Under the Data Protection Act it was only data controllers that were responsible for data security. The new regulation, however, means that all organisations that deal with personal data, for whatever purpose, are liable. This includes companies that have minimal contact with data, such as companies that provide data processing services to the controller. No matter how minimal the contact with personal data, compliance is still mandatory.

5. The Appointment of a Data Protection Officer

Article 37 of the GDPR states that public authorities, data controllers and processors who regularly and systematically process data subjects on a large scale and data controllers whose main job is to process, on a large scale, sensitive data or data relating to criminal convictions and/or offences, must appoint a Data Protection Officer (though it is advised that all companies appoint one). This DPO will have expert knowledge of what the company needs to do to comply with the GDPR, ensuring that all staff are trained and aware of their data protection obligations. The DPO will also be responsible for answering any queries regarding the company’s data security.

The GDPR effectively calls for companies to be more acutely aware of how they store and process their client data. Given that the penalties for non-compliance are so strict (up to €20 million or 4% of global annual turnover, whichever is higher), it is easy to see the need to comply with the new regulation as a burden. However, you should really see the GDPR as a chance to firm up your company’s data security, so that your clients and/or customers can rest assured that their information is in safe hands.

With over 25 years’ industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibly and legally.

Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.
