The GDPR is a new legal framework being introduced within the EU on the 25th May 2018. It builds on the current Data Protection Act (DPA) but adds a number of new and different requirements. The penalties for not adhering are more severe, so this is something every business should begin to consider now. Note that the government has already confirmed that the UK’s decision to leave the EU will not affect the introduction of GDPR!
It is essential that not only your business but also those in your supply chain are prepared for the GDPR; a breach can have serious impacts for those involved. Quba Solutions will be working hard over the coming months to ensure we are ready, and we will issue further guidance on the steps you should take to implement new data processing, storage and management solutions.
Overview of what the GDPR is...
The GDPR applies to all ‘personal data’ but, unlike the DPA, this can include online identifiers such as IP addresses. It governs how this data is handled and holds those using it accountable: decisions should be documented to provide transparency, and measures should be put in place to minimise data breaches. The governance should be proportionate but may include impact assessments, internal data protection policies and internal staff training.
Under the GDPR, a number of rights have been afforded or strengthened for individuals whose data is processed or controlled. For instance, individuals now have the right to be ‘forgotten’ and where consent is required, it should be shown to have been given freely and unambiguously.
Why you should be concerned
Where the GDPR does differ from the DPA is in the accountability and penalties involved. For instance:
- The maximum level of fines for breaching the regulations will be up to 10 million Euros or 2% of global turnover
- The ICO will need to be notified of a data breach within 72 hours
- Regulators will be able to require companies in breach of the GDPR to cease processing data
- Clients will begin requesting information on how you adhere, which could bring reputational gains but also losses
What are Quba Solutions doing?
We have already taken significant steps in anticipation of the change and will continue to inform our clients of our internal developments, as well as offering suggestions to ensure you remain compliant with the GDPR.
We have recently appointed an industry-leading IT supplier to ensure our whole business is cloud based and backed up over 5 different data centres. The supplier uses the latest technology to ensure our data is not compromised.