When the EU’s General Data Protection Regulation (GDPR) applies from 25 May 2018 it will change the data protection landscape in the UK permanently. More comprehensive and powerful than the existing requirements under the Data Protection Act 1998, the GDPR gives the ICO new powers to regulate and fine, with financial penalties of up to €20 million or 4% of annual worldwide turnover, whichever is higher. Not only that, but breaches will be more public and could be far more damaging to an organisation’s reputation. For those organisations not yet prepared, now is the time to review IT infrastructure to ensure it is ready.
Where does the GDPR affect IT infrastructure?
The ability to effectively delete data
One of the main aims of the GDPR is to give individuals more control over their data. A key part of this is the “right to be forgotten”, formally the right to erasure. In practice it enables an individual to request that a business delete the personal data it holds on them, and the business must do so without undue delay unless a specific exemption applies (for example, a legal obligation to retain the records). To comply with this part of the GDPR, an IT infrastructure needs to provide a complete inventory of where an individual’s data is held, including copies in backups, logs, exports and systems run by third-party processors, as well as the ability to delete it from all of those locations. It is no longer good enough to retain information and simply mark it “do not contact”; the deletion must be complete, and the organisation should be able to evidence that it happened.
A review of the way that data is handled
The GDPR is designed to encourage businesses to think differently about consumer data and to review the way that it is handled internally. There are many different components to this, including collecting only the data required for a specific, stated purpose (data minimisation) and keeping it only for as long as that purpose requires (storage limitation). Under the accountability principle, firms must also be able to demonstrate compliance: they need full visibility of what data they hold, why, where it flows, who can access it, and records of their processing activities, and they should be able to show that the IT infrastructure holding the data is appropriate for its sensitivity.
The requirement to ensure security
The responsibility to ensure that your IT infrastructure is secure will increase significantly with the GDPR. There is no longer an option to keep a personal data breach quiet: unless the breach is unlikely to result in a risk to individuals, it must be reported to the ICO within 72 hours of the organisation becoming aware of it, and where the risk to individuals is high, those affected must also be informed without undue delay. Even breaches that are not reportable must be documented internally. It will be necessary to show that appropriate technical and organisational measures have been taken to protect the data you hold, such as encryption and pseudonymisation of personal data, access controls, and the ability to restore availability of the data promptly after an incident, which means reliable, tested backups, whether on premises or in the cloud. If there is a breach then businesses will be held accountable, and to a much higher standard than in previous years, so the risk of poor security is simply not worth it.
Transparency on consent
Fundamental to the GDPR are the new rules on consent, where consent is the lawful basis relied upon for using individuals’ data. Consent must be freely given, specific, informed and unambiguous, signalled by a clear affirmative action rather than inferred from silence or a pre-ticked box. Not only that, but the organisation must be able to demonstrate that consent was obtained, so it will be necessary to keep records of what the individual was told, what they agreed to and when. Withdrawing consent must be as easy as giving it, and the existing IT infrastructure must ensure that a withdrawal is propagated to every system that relies on it, so that the resulting changes are actioned effectively.
netConsult designs bespoke IT infrastructure built to support compliance for each of our clients, giving confidence in such a data-rich industry that all information will be handled appropriately and that the infrastructure we provide makes this possible. Contact us to find out more on 020 7100 3310.
Author: Laura Zverko