The Business Exchange Swindon & Wiltshire Edition 33: Oct/Nov 2017 | Page 26

TECHNOLOGY

Do you handle customer data? Confused about the GDPR? Then read this...

By Gareth Johnson, CIS

If your business handles customer data then you should have heard about the General Data Protection Regulation (GDPR). If not, then you ought to be considering the impact the European Union’s new regulation – designed to protect EU citizens from privacy and data breaches – could have upon you and your business come May next year.

Failure to comply with the GDPR could seriously damage your business’ reputation and a breach will almost definitely affect your clients’ trust in your organisation.

D-Day is May 25, 2018, with the GDPR affecting any company wanting to do business within the EU or with member states. That also includes US firms handling the data of European citizens. So, that’s any company that handles personal data or data that might identify a person, including your name, an email address, bank details, perhaps a photo or even a computer IP address.

What’s more, anything that counts as personal data under the Data Protection Act (DPA) also qualifies as data under the GDPR.

So, what does failure to comply look like? Any breach that is likely to ‘result in a risk for the rights and freedoms of individuals’ must be reported to customers and the data protection authority within 72 hours of you first becoming aware of it. Even if you’re not sure of the scale of the breach you must contact the relevant parties within this timeframe, explaining what’s happened and the steps you are taking to address the problem.

In addition, if you’re unsure that you’re equipped to deal with Subject Access Requests (SARs) or whether you require a Data Protection Officer (DPO), then you should consider talking to a qualified GDPR practitioner.

CIS offers a full set of services encompassing all aspects of the GDPR. These include a GDPR Compliance Gap Assessment Tool, a suite of security solutions, Cloud Hosting, as well as data mapping and policy and process reviews. For those who need it we also offer a Data Protection Officer as a Service (DPOaaS) to support you in establishing these and in the event of a breach.

For further information visit: www.cisltd.com or email: [email protected]