How the General Data Protection Regulation (GDPR) affects IT Resellers, SME Companies and individuals
The General Data Protection Regulation (GDPR) is usually discussed in terms of larger organisations, but it applies equally to small and medium-sized businesses. It is also vitally important for Cisco Resellers like ourselves, general IT Resellers and IT Consultants of every shape and size who handle IT hardware and customer data. Social media companies, banks, governments and cloud storage providers have a considerable amount of planning and compliance work to look forward to. We have selected some links and portals that are relevant and helpful to Value Added Resellers and SME businesses, as well as IT Directors and Managers.
The Information Commissioner’s Office (ICO) has produced some ‘practical advice on how to comply with data protection law and how to improve data protection practices in your business’. The quick ‘How to Comply’ checklist PDF is available along with webinars and lots of useful GDPR information on the ICO link below.
https://ico.org.uk/for-organisations/business/
Wondering what GDPR is? Don’t worry, it’s not too late.
Simply put, the GDPR (General Data Protection Regulation) is a regulation by which the EU intends to strengthen and unify data protection for all individuals within the European Union. With the advent of globalisation and data stored in multiple locations, it also addresses the export of an individual’s personal data outside the EU. The GDPR’s primary intent is to give citizens and residents of the EU control back over their personal data. Its further goal is to simplify the regulatory environment for international business by replacing differing national rules with a single regulation that applies across the EU.
Falling Foul = Big Fines
The EU GDPR homepages explain: “After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. It will enter into force 20 days after its publication in the EU Official Journal and will be a direct application to all member states two years after this date. Enforcement date: 25 May 2018 – at which time those organisations in non-compliance will face heavy fines.”
Fines could be hefty: up to 4% of a company’s annual global turnover or €20 million, whichever is higher. That is a sobering thought for companies like Yahoo, which recently announced that all 3 billion of its user accounts were compromised in a breach that took place several years earlier.
Brexit
‘In light of an uncertain ‘Brexit’ – a data controller in the UK asks if it should continue with GDPR planning and preparation?’
The short answer is Yes. Specifically, ‘If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with the GDPR, irrespective of whether or not the UK retains the GDPR post-Brexit. If your activities are limited to the UK, then the position (after the initial exit period) is much less clear. The UK Government has indicated it will implement equivalent or alternative legal mechanisms. We expect that any such legislation will largely follow the GDPR, given the support previously provided to the GDPR by the ICO and UK Government as an effective privacy standard, together with the fact that the GDPR provides a clear baseline against which UK business can seek continued access to the EU digital market.’
http://www.eugdpr.org/gdpr-faqs.html
https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation
The GDPR becomes enforceable across the EU on 25 May 2018. It aims to be of great benefit to private individuals by setting a single, consistent standard for how their personal data is handled, wherever in the EU it is processed. It will help companies by giving them one regulation to maintain and comply with, rather than a patchwork of overlapping national rules. Of course, it also helps the regulators manage data protection to a uniform standard.
What do you think? Is this Win / Win / Win? Or is it another Y2K?