The new General Data Protection Regulation (GDPR) will go live on 25th May 2018, bringing with it new mandatory data protection processes and mechanisms, new rights for UK citizens, new executive responsibilities and a punishing set of punitive measures.
Organisations engaged in large-scale, complex or sensitive processing of Personally Identifiable Information (PII) will be required to promote a Data Protection Officer (DPO), responsible to the board for all data protection matters. The DPO will be required to have substantial autonomy to audit and enforce the new data protection requirements. New controls will be required around consent for the collection and protection of sensitive data, the right to be forgotten and data relating to minors.
The Information Commissioner’s Office (ICO) will be able to levy fines of up to EUR20,000,000 or 4% of global turnover, substantial amounts that could bankrupt even medium-sized businesses.
However, most tellingly, Article 25 of the regulation requires security controls, on top of ‘privacy by design’ requirements, to take into account the ‘state of the art,’ a very high bar to set for all PII-processing or collecting organisations across the UK.
You need to be proactive and start preparing the way now; all businesses need to take this seriously.
For more information, visit the Information Commissioner’s Office.
If you would like to discuss ways in which Memset can assist in making sure that your hosting and infrastructure are ready for the new GDPR, contact your Account Manager or our Sales Team on +44 (0)1753 471 040.