The General Data Protection Regulation (GDPR) comes into effect from 25th May 2018. It is designed to bring about a greater consistency of data protection legislation and approach across the EU and beyond. It addresses the changing nature in which personal data is being used, or in some cases abused, and will have a wide-ranging impact on all organisations processing personal data.
With 12 months to go we’ve been busy helping clients prepare their businesses to become compliant by creating a GDPR readiness plan. However, some organisations have decided to take a more relaxed approach, waiting to see exactly what form the final legislation will take and how far the ICO will take their proposed sanctions. Without doubt that is their prerogative, but we strongly feel it's worth highlighting the difference between a Standard and a Regulation:
Regulation
- A rule that we must follow
- Rules that the Government makes under an Act
- Rules are made “real” and “enforceable” by the power that the Government gives itself under an Act
Standards
- Written by organisations such as PCI and ISO (not the Government)
- Typically refer to product performance or how to do a job
- Have no authority on their own, but may be adopted into regulations making them legal requirements
To help customers that haven’t started planning, we wanted to highlight 12 steps that will jumpstart your journey. Can you get a full house, or will you be pleased with a line?
"In our best caller voice... EYES DOWN"
We understand the world of security and compliance is complex, and can easily swallow up resource and budget. Through our tried and tested methodologies we help you to identify areas of risk, resolve any gaps, raise awareness within your business and implement practical processes and systems to protect you and your customers' data.
Our Solution to the GDPR Challenge
Whilst technology will ultimately play a vital role in achieving and maintaining compliance with the GDPR, people and processes are often the weakest links. We understand this consideration and, drawing on our group capabilities, adopt a holistic approach to achieving compliance through an integrated framework of readiness services.
Assurance and Compliance
Ultima's Assurance and Compliance offerings have been designed to help establish a baseline for 25th May 2018. They are based on our proven information security model, delivered to help organisations achieve assurance and compliance with standards and legislation such as ISO 27001, the DPA and PCI DSS.
- By Martin Collins (Head of Networking and Security)