
    GDPR Compliance

    The General Data Protection Regulation is intended to reflect modern working practices in the digital age, and will strengthen consumer trust and confidence in businesses.

    It will establish a single set of rules across Europe, which will make it simpler and cheaper for UK companies to do business across the continent, even after we leave the EU.

    The Risk Dashboard software will allow you to measure and better manage your company’s compliance with the General Data Protection Regulation.

    So what is ‘Personal Data’?

    Personal Data

    “Personal data” is defined in both the Directive and the GDPR as any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

    In many cases, online identifiers including IP addresses, cookies and so forth will now be regarded as personal data if they can be (or are capable of being) linked back to the data subject without undue effort.

    There is no distinction between personal data about individuals in their private, public or work roles – the person is the person.

    The regulation provides specific suggestions for what kinds of security actions might be considered “appropriate to the risk,” including:

    Encryption

    The pseudonymisation and/or encryption of personal data.

    Testing

    A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

    Confidentiality

    The ability to ensure the ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data.

    Recovery

    The ability to restore the availability and access to data in a timely manner in the event of a physical or technical incident.

    The Risk Dashboard has been designed to assist businesses in attaining an approved code of conduct or an approved certification that may be used as tools to demonstrate compliance.

    The controller-processor relationships must be documented and managed with contracts that mandate privacy obligations – ultimately, controllers must assure themselves of processors’ privacy capabilities.

    There will be a substantial increase in fines for organisations that do not comply with the new regulation.

    Regulators will now have authority to issue penalties equal to the greater of €10 million or 2% of the entity’s global gross revenue for violations of record-keeping, security, breach notification, and privacy impact assessment obligations.

    Violations of obligations related to legal justification for processing (including consent…), data subject rights, and cross-border data transfers may result in penalties of the greater of €20 million or 4% of the entity’s global gross revenue.

    The Risk Dashboard recognises the biggest challenge might be the implementation of the GDPR in practice:

    Implementation

    The implementation of the EU GDPR will require comprehensive changes to business practices for companies that had not implemented a comparable level of privacy before the regulation entered into force (especially non-European companies handling EU personal data).

    Education

    There is already a lack of privacy experts and knowledge as of today, and new requirements might worsen the situation. Education in data protection and privacy will be a critical factor for the success of the GDPR.

    European DPAs

    The European Commission and DPAs have to provide sufficient resources and power to enforce the implementation, and a unique level of data protection has to be agreed upon by all European DPAs, since a different interpretation of the regulation might still lead to different levels of privacy.

    Using the Risk Dashboard’s software, the intention is to identify risks in your internal processes that could cause you and your business to breach the regulations.

    The heart of good GDPR practice sits within the Risk Dashboard software.

    CONTACT US

      FIND US

      7 Rutherford Court

      Stafford Technology Park

      Stafford

      ST18 0GP

      info@riskdashboard.co.uk

      01785 430430
