It is now increasingly common for the news to contain stories of significant data losses. These are both embarrassing for the organisation concerned and potentially extremely expensive to sort out.
There are, of course, many ways in which data losses can occur. They can be the result of aggressive hacking but can also, and perhaps more commonly, be due to carelessness or a simple lack of awareness on the part of an employee.
The first, and perhaps most obvious, way to minimise the risk is to stick to the rules. Those rules are about to change, so it may be sensible to consider the changes being introduced and reassess how your organisation handles the data within its control.
In a forthcoming series of blogs, we propose to consider the changes to data protection law. Let us begin by considering the General Data Protection Regulations (GDPR).
The GDPR comes into force on 28 May 2018. It is the result of an EU directive. Although it might not, at this stage, be crystal clear what will happen after Brexit, it seems almost a certainty that the UK will adopt the GDPR into UK law, pretty much as it is. This is because UK companies trading with the EU will need to be compliant with the GDPR. There is, therefore, no escape.
So, who is covered by the GDPR? The technical answer is anyone who is a controller or processor of data. It does not, however, generally apply to individuals processing data for their own purposes. If you are already covered by the requirements of the Data Protection Act, you will be covered by the requirements of the GDPR. So if you are a business employing people, storing customer details, processing orders and arranging delivery, you will be covered.
The GDPR applies not only to data stored on a computer, but also to data stored in a manual system where it is accessible according to specific criteria. This could be an alphabetical or chronological filing system of paper files. If you operate such a system, and are not registered as a data controller, you should review that position.
As ever, if you have any doubt as to where you stand legally, it is best to take advice. We would be happy to help.
Call 01792 468684 or email firstname.lastname@example.org.