
Are you ready to comply with GDPR?


What is GDPR?

GDPR (General Data Protection Regulation) is the replacement for the Data Protection Act (DPA), which was enforced in 1998. The previous regulation was left unchanged for some years and consequently was very out of date. Most technologies we use today, such as cloud, had simply not been invented.

The changes are vast, and when they come into force in May 2018 the EU will probably have the most severe data laws in the world. The main focus of GDPR is to protect personal data. This means that businesses will no longer be able to profit from personal data without your clear permission.

Business Readiness

Understanding your data

The first thing a business needs to do is understand all of the data it holds and the risk that data may expose it to. To do this, you need to create a data map, which details the following:

  • Why
  • Who
  • What
  • When
  • Where

The retention period and other legal details of the data must be established. This can be a huge undertaking, but it is essential: without knowing the state of the data it holds, a business can’t protect against breaching the rules of GDPR.

Contact one of our GDPR Consultants today on 020 3151 6000

Assessing the risk

It is necessary to establish whether a business would fall into the high-risk category based on the type of data it holds and the amount of data it processes. High risk includes, but is not limited to:

  • Systematic and extensive processing activities, including profiling, and where decisions are made that have legal effects – or similarly significant effects – on individuals;
  • Large scale processing of special categories of data or personal data in relation to criminal convictions or offences; and
  • Large scale, systematic monitoring of public areas.

If, after assessment, the business is high risk, it needs to perform a Privacy Impact Assessment (PIA) to ensure that any personal data is well categorised, secure, easily retrievable, editable (ideally self-service), transportable and able to be permanently deleted if required.

How can we help?

Priority One can assist with the following stages of getting your business ready for GDPR:

  1. Mapping your data
  2. Performing a PIA
  3. Writing a Data Breach procedure and communications
  4. Recommending Technology to assist with Data Protection

Headline changes

  • Fines will start from €10 million

  • Personal data to be deleted within 72 hours of request

  • Access to personal data requested by the individual must be provided within 72 hours

  • Incorrect data identified by the individual must be edited within 72 hours

  • Personal data now covers a much broader scope e.g. IP address

  • Ensuring all personal data is secure is now paramount

  • Security needs to be regularly tested e.g. penetration tests

Contact us

Find out how Priority One’s GDPR team can help your business today.