On the 25th May 2018, the new General Data Protection Regulation (GDPR) comes into force throughout the EU. The new regulation is a comprehensive uplift on the UK’s 1998 Data Protection Act, and is aimed at harmonising data protection throughout the EU. Regardless of whether your business is in the EU or not, any business which profiles data subjects from the EU must be compliant! Cybercube will conduct an assessment, based on the articles of the GDPR, to check the readiness of the organization. Based on the outcome of the assessment, Cybercube will also assist the organization in implementing the specific controls.
The GDPR places a number of responsibilities on companies who control and process personal data including:
Putting organisational and technical measures in place to demonstrate compliance
Making data protection and information security a board-level issue
Implementing robust and “state-of-the-art” cyber security solutions and reviews
A focus on transparency and consent as a basis for collecting and processing personal data
Providing enhanced rights for data subjects – including the right to be forgotten
More stringent rules around detecting and communicating data breaches to both individuals and the authorities
Companies who fail to comply with the GDPR face fines of up to €20m or 4% of global turnover from the Information Commissioner’s Office in the event of a data breach.