The Business Exchange Swindon & Wiltshire Edition 33: Oct/Nov 2017 | Page 26
TECHNOLOGY
Do you handle customer data?
Confused about the GDPR? Then read this...
By Gareth Johnson, CIS
If your business handles customer data then you should have heard
about the General Data Protection Regulation (GDPR). If not, then
you ought to be considering the impact the European Union’s new
regulation – designed to protect EU citizens from privacy and data
breaches – could have upon you and your business come May next year.
Failure to comply with the GDPR
could seriously damage your business’
reputation and a breach will almost
definitely affect your clients’ trust in
your organisation.
D-Day is May 25, 2018, with the
GDPR affecting any company wanting
to do business within the EU or with
member states. That also includes US
firms handling the data of European
citizens.
So, that’s any company that handles
personal data or data that might
identify a person, including your name,
an email address, bank details, perhaps
a photo or even a computer IP address.
What’s more, anything that
counts as personal data under the Data
Protection Act (DPA) also qualifies as
data under the GDPR.
So, what does failure to comply look
like? Any breach that is likely to ‘result
in a risk for the rights and freedoms
of individuals’ must be reported to
customers and the data protection
authority within 72 hours of you first
becoming aware of it. Even if you’re not
sure of the scale of the breach you must
contact the relevant parties within this
timeframe, explaining what’s happened
and the steps you are taking to address
the problem.
In addition, if you’re unsure whether
you’re equipped to deal with Subject
Access Requests (SARs) or whether you
require a Data Protection Officer (DPO),
then you should consider talking to a
qualified GDPR practitioner.
CIS offers a full set of services
encompassing all aspects of the GDPR.
These include a GDPR Compliance
Gap Assessment Tool, a suite of security
solutions and Cloud Hosting, as well as
data mapping and policy and process
reviews. For those who need it we
also offer a Data Protection Officer
as a Service (DPOaaS) to support you
in establishing these and in the event
of a breach.
For further information visit:
www.cisltd.com
or email:
[email protected]