Here we go, another document / note / word on the most talked-about piece of legislation for decades, I hear you say.
Well, sort of yes and no.
Yes, this is another note on GDPR and yes there has been a lot of commentary and sales pitches about it, a lot of emails, details and prompts to keep in contact but, and crucially there is a but, it’s actually a very good thing.
GDPR is a massive overhaul of European data protection legislation and will have an impact on everyone, whether you’re a business that has to have a greater understanding of exactly what happens with the data you’re responsible for or a consumer who’ll be given the greatest level of data transparency we’ve ever seen.
The General Data Protection Regulation (GDPR) is the biggest shake-up of both UK and EU data privacy legislation for 20 years. It creates a single set of rules designed to better protect personal information for people across the EU. All organisations must review how they manage all personal data, such as customer addresses and staff details, to ensure they meet GDPR requirements.
It comes into force tomorrow, 25th May 2018, and everyone must be ready.
GDPR is forcing businesses to be more open with their customers and is increasing business accountability. It puts shared responsibility on both the data controller and the data processor, meaning both are now liable.
There is a two-tier fine system for a breach of GDPR regulations. The first is up to 2% of global annual turnover or €10 million. The second is up to 4% of global annual turnover or €20 million, whichever is higher.
If you’re still not sure, have a look here at the hundreds of third parties PayPal share data (your data) with. GDPR is driving this transparency.
So what is Bede doing to ensure compliance?
Well, true to Bede form, we are going above and beyond the requirements to ensure the highest quality data protection and security.
In May last year we certified to ISO 27001:2013 and this has given us the framework to build on in support of our GDPR work. We have also expanded our Information Security, Compliance and Legal functions to ensure we have dedicated people in roles which are entirely responsible for these particular areas.
We have been undertaking a number of key tasks, such as reviewing the key suppliers we use, e.g. Microsoft Azure, to make sure they are fit for the purposes of GDPR and to make sure the services we offer customers are of the highest quality. Microsoft Azure is as committed to security and privacy requirements as we are, and it’s this commitment to which we hold all our suppliers.
GDPR brings into force several new rights for data subjects, such as the Right to Be Forgotten. When it comes to clients’ customer data, it is our clients, as the controller to our processor, who will make the decision on acceptance of this type of request. However, once a decision has been made, we have the processes in place to erase personal data, an operation that is immediate and irreversible.
In short, Bede puts privacy and security at the heart of our thinking in order to assure operators that our technology, and particularly our role as data processor, is equipped with the most stringent measures to ensure compliance at the highest level. We are ready, are you?
If you have any questions or would like further information on how we are ‘Supporting Operator GDPR Compliance’, we have created a document of the same name which has been shared with our existing customers. Please get in touch using firstname.lastname@example.org.