With Only 15 Months To Go – Are You Ready for GDPR?
The EU has now changed its data protection rules. They will fully apply from 25 May 2018.
These new rules are called the General Data Protection Regulation (or GDPR), although the full official name of the new rules is “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)”, which can be found in the EU Official Journal (OJ L 119 of 4.5.2016, p.1).
To help you identify what the implications are for your business and what practical steps you need to take, Pro2col are working with Jonathan Armstrong, an experienced lawyer with a concentration on technology and compliance and partner at Cordery Legal Compliance. His practice includes advising multinational companies on matters involving risk, compliance and technology across Europe. Jonathan is one of three co-authors of the LexisNexis definitive work on technology law, “Managing Risk: Technology & Communications”. He is a frequent broadcaster for the BBC and other channels and is regularly published in Infosecurity Magazine.
As referenced in my blog article “Impact of Brexit on GDPR”, the EU legislation will still impact UK businesses in the run-up to leaving the EU and, in all likelihood, after leaving it. It is important to note that the legislation covers all electronic communications data, i.e. it is not limited to “personal data” but covers data related to an end-user (individuals and entities). Both more traditional content (text, voice, video, images, sound etc) and metadata (data used to trace the source and/or location of a communication, the time, date and duration of a communication etc) derived from electronic communications are included. This data will have to be anonymised or deleted unless a user has given consent to its continued use or it is needed for legitimate purposes such as billing.
To comply, companies will need to implement appropriate technical and organisational measures to protect data against loss or any unlawful forms of processing. These measures should guarantee a level of security appropriate to the risks represented by the processing and the nature of the data to be protected. Managed File Transfer (MFT) is one of the technical measures that can assist with reducing the human risk of data sharing by automating transfers and providing secure, auditable methods for end-user file sharing. MFT also provides detailed logs and reports for your compliance team.
For all businesses, there is now plenty to be done ahead of next May. Jonathan will be presenting an overview of GDPR at a Pro2col event on Thursday 9th March.