General Data Protection Regulation
We provide fully managed IT support and technology solutions, including proactive maintenance and monitoring, 24/7 IT support, network administration and technology consulting. We’ll get to know your business inside out so we can recommend technology that will effectively address your unique business needs.
What is GDPR?
In 1998 the Data Protection Act (DPA) was introduced by UK Parliament as the main piece of legislation to govern the processing of data on identifiable living people. However, the technology landscape has changed so much since the act was enforced, that this law is now significantly out of date and is not able to protect the individual as originally intended. A prime example would be social media sites capturing personal data, profiling it, and selling it to advertisers, without the individuals explicit consent.
However, the General Data Protection Regulation (GDPR) under EU law, which was adopted on 27th April 2016 and will apply from 25th May 2018, will supersede our Act and the Data Protection Directive from 1995, and be significantly more stringent. The main focus of GDPR will be to protect the personal data of all individuals residing within the EU, irrespective of where the company holding the data is based, and includes rules around holding, processing, profiling, maintaining and deleting that data to name a few.
For more information regarding GDPR, visit our blog.
Are you ready to comply with GDPR?
0
DAYS
0
HOURS
0
MINUTES
0
SECONDS
Which companies does the GDPR affect?
Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:
- A presence in an EU country.
- No presence in the EU, but it processes personal data of European residents.
- More than 250 employees.
- Fewer than 250 employees but its data-processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data. That effectively means almost all companies.
Data mapping allows an organisation to better visualize and understand where their data is located. This involves but is not restricted to: the nature of the data, its location on the network, who has access to it, is the data securely stored, is it shared across several systems. Proper data mapping is therefore a necessity when it comes to data protection and data privacy, which are two essential parts when aiming towards GDPR compliance. How can we help? An audit of the data flow is a good first step to undertake in order to have a clear visibility and mitigate risks about client’s data, employee’s data and vendor’s data. It also helps to manage information assets effectively and retrieve specific data quickly. Moreover, data mapping goes hand in hand with Data Portability.
nder article 20 of the GDPR, data portability allows individuals to reuse their personal data across several IT environments. It includes the possibility to copy, transfer, and move personal data in a secure way to transmit it to other organisations if required. GPDR compliance is important because the data needs to be structured and machine readable by commonly used software. How can we help? Assist with putting in place automated processes to organise and structure the data in a GDPR compliant way (database, scripting, data entry software). Putting in place “encryption tunnels” to prevent interception if the data needs to be sent from one IT system to another (from one company to another for example). Review the query for data portability to ensure it does not breach any of the GPDR articles.
Under section 7 of the Data Protection Act, individuals have the right of access to personal data. How can we help? When preparing responses to queries about personal data access, it is important to understand what data is requested because there are several exemptions. We can help by double checking the nature of the data that is demanded, making sure that it falls in line with DPA Section 7 and preparing the exportation of the required data.
Achieving GPDR compliance is only one step of the whole process. Once this is achieved, the next step is to keep up to date with any additional articles, changes of regulations/laws but also making sure that the processes put in place remain compliant overtime. How can we help? Monitor the processes that have been put in place to verify that they are still enforced. Assess on a regular basis the controls that have been implemented to verify that they are functional and operational (update them if necessary and/or implement new ones if needed). Conduct regular PIA/DPIA “audits” to assess the risk of exposure of personal information and prevent data breaches.
How do you make sure your IT systems are compliant?
Your priority now is to carry out an audit of all the IT systems you use to handle the personal data of individuals. From your internal CRM to your HR system to your email marketing software, all of it needs to be assessed for GDPR compliance.
We can carry out this audit for you. This is one of the advantages of using Novus to support and help your business grow. Also did we mention:
- We’re experts in IT systems with 10+ years of experience of encryption and data systems.
- We also advise on business technology, meaning we can suggest and implement the right solutions for your business, ensuring your processes are end-to end compliant with minimal disruption.
- Non-compliance can end up in big fines, and ignorance is no excuse as the ICO regulations have been circulating for some time.
Contact our GDPR Practitioners today!
GDPR isn’t going away. It’s not a box to tick at the end of your IT systems planning. It is an integral process that should be engrained deeply into your organisation’s systems, culture and business processes. Get in touch with us today!
Get in touch
Whatever your query or requirements, we’d love to hear from you.
- Did you know?
There’s no charge to meet and discuss, so get in touch with us today and find out what we can do for you.
We have been very impressed with the service from Novus since the beginning. They have provided us with the right solutions for our business and been very efficient in ensuring a smooth transition from our previous provider, without any downtime. Overall the stability and reliability of our IT services have been greatly improved.I have been very impressed thought the whole on-boarding process, from making sure that we picked the correct services to delivering them, I would say that you have set the benchmark in customer support.
I just felt it necessary to take time out to thank you and your team for all their enthusiasm and help since you have taken over our IT support. Both the level of expertise and the swiftness in dealing with our queries is quite astounding and we are very grateful that we have found you to take over our IT support because in the past we have had some very bad experiences. The congratulations is to all your team to celebrate their exceptional service.
I have been very impressed thought the whole on-boarding process, from making sure that we picked the correct services to delivering them, I would say that you have set the benchmark in customer support.
As a charity we have a number of financial constraints as you will appreciate; wherever Novus can supply us with cheaper but quality value items (software/ hardware/ Comms support) they have. They have negotiated contracts and disputes for us, not part of the package, and resolved a number of issues. They really are ethical ICT and they will go the extra mile for you.
I have been working with Novus for over 2 years now and can attest to their excellent service and professionalism. They are always open to discussion and they have adapted well to changes in our business strategy. Time and again we put Novus to task in all areas of our business and they come through with cost-effective and future-proof solutions that the business can rely on. I would highly recommend any of their vast array services to anyone in the tech industry.
