GDPR Implications: 3 Key Points
Following the reassurance about the integrity of our services that our recent ADISA audit pass provides, we’re gearing up to help organisations become compliant with the General Data Protection Regulation, specifically with the sections that concern data erasure.
The General Data Protection Regulation enforcement date is gaining on us, and more businesses are seeking help from consultancies to ensure they understand the implications and are compliant by 25th May 2018, when the GDPR will formally replace the Data Protection Act 1998 and will be enforceable by the ICO.
On the IT recycling and data erasure front, the GDPR will have 3 key implications for organisations:
- Right to be forgotten: If there is no need for data stored by the firm, personal data of a data subject must be securely erased.
- Organisations (Controllers) must have a written agreement with Processors (us) to ensure the secure erasure of personal data.
- Controllers who process and erase their own data are subject to a 4% global annual revenue fine in the event of a data breach.
Organisations must understand that they will be audited by the ICO. It’s not a question of IF, it’s WHEN. The resources made available to the ICO have increased and they have made it clear to all organisations that enforcement of the GDPR will be more prevalent than any action taken against organisations throughout the reign of the Data Protection Act 1998. Taking the stance of “don’t worry we’ll never be audited” is simply not worth the risk, especially with the new threat of a 4% Global Annual Revenue fine for any breach of the GDPR.
The free service that we offer ensures that you remain compliant with the GDPR. We provide written agreements for every collection and we remove data breach liabilities from you in the process.