Supporting you through the steps to ensure you are GDPR compliant. We provide awareness, advice and guidance on aspects such as Accountability & Governance.
By using our proprietary easy-to-use portal consisting of simple questions segmented into logical sections, you can quickly ascertain your organisation’s level of compliance.
Once completed, the responses will be assessed and a detailed report will be produced identifying current compliance failures and immediate risks to your organisation. This will then be verified by a team of specialists led by a UK data protection lawyer.
This will provide you with a ‘Gap’ analysis action plan which will help you to meet the requirements of the GDPR.
This report will identify the scale of the challenge you are facing, making it easier to accurately assess the time, resources and costs that will need to be set aside and budgeted for.
It will also allow you to understand which parts of the GDPR will have the greatest impact on your organisation, and so identify what to prioritise in your GDPR planning process.
SIGN UP TODAY FOR ACCESS TO THE GDPR PORTAL.
THE GDPR IS NOW LEGALLY ENFORCEABLE
The GDPR became enforceable on 25th May 2018. It replaced the EU Data Protection Directive (95/46/EC) and the national laws that implemented it, such as the UK Data Protection Act 1998. It does not replace non-EU laws such as HIPAA or the US Fourth Amendment, but organisations subject to those laws may also be subject to the GDPR if they handle the personal data of people in the EU.
What is The GDPR?
As of 25 May 2018, the General Data Protection Regulation (GDPR) applies in the UK and throughout the EU. (The government has confirmed that the UK’s decision to leave the EU will not affect this).
The GDPR has two main aims: to protect the rights, privacy and freedoms of individuals in the EU, and to reduce barriers to organisations by facilitating the free movement of personal data throughout the EU.
This will no doubt be a challenge because, as the ICO says, “we’re all going to have to change how we think about data protection”. But rest assured that we will ensure our clients can meet that challenge and thrive in this changing environment.
At Thinkmarble we have a unique team of IT and legal data security experts and GDPR specialists committed to providing a ‘one stop shop’ focused on helping businesses prepare to meet the ongoing requirements of the GDPR.
Who does The GDPR apply to?
The GDPR applies to any organisation established in the EU that processes personal data, and to organisations outside the EU that process the personal data of people in the EU in the circumstances described below.
This means that, unlike the law it replaced, the GDPR applies directly to organisations that provide outsourced services on behalf of others (data processors), e.g. cloud providers and external payroll.
It also means that it applies to organisations based outside the EU that offer goods or services to people in the EU, e.g. via their website, or that monitor their behaviour.
In other words, many more organisations are now subject to EU data protection law, including those based in the USA, China (and, post-Brexit, the UK).
What data does The GDPR apply to?
The GDPR applies to ‘personal data’. Basically, this means any data relating to a living individual who can be identified, directly or indirectly, from it.
In most cases it will be easy to identify personal data, e.g. someone’s name, but the GDPR’s legal definition is wider than under the previous law and makes it clear that information such as an online identifier, e.g. an IP address or a cookie identifier, can be personal data. This means that a wide range of identifiers constitute personal data, reflecting changes in technology and the way organisations collect information about people.
In addition, the GDPR introduces some new ‘special categories’ of personal data, including genetic and biometric data where these are used to uniquely identify someone.
10 reasons why you cannot ignore the GDPR and must act now:
YOU ARE HELD ACCOUNTABLE
Arguably the biggest change, the GDPR requires all organisations to demonstrate that they comply with the law.
YOU MUST HAVE A LEGAL RIGHT TO HANDLE DATA
Before they can use personal data, organisations will need to identify and document a lawful basis for doing so. This will be especially important if organisations rely on someone’s consent to process their data, as the GDPR’s standard for valid consent is stricter.
THERE’S A NEW RIGHT TO DATA PORTABILITY
This allows people to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
THERE’S A NEW RIGHT TO ERASURE
This (better known as ‘the right to be forgotten’) enables people to request the deletion or removal of personal data where there is no compelling reason for you to keep it.
IMPLEMENTATION COULD HAVE SIGNIFICANT RESOURCE IMPLICATIONS
You are likely to find compliance difficult without professional advice, especially if you have a large or complex business.
FINES HAVE BEEN GREATLY INCREASED
The GDPR increases the maximum fine for breaching data protection law from £500,000 (under the UK Data Protection Act 1998) to €20 million or 4% of annual worldwide turnover, whichever is greater.
DATA PROTECTION OFFICERS ARE MANDATORY FOR SOME
The GDPR requires organisations to appoint a Data Protection Officer (DPO) if they are a public authority or body, if their ‘core activities’ consist of ‘regular and systematic monitoring’ of people on a large scale, or if they handle special categories of personal data on a large scale.
DATA BREACHES MUST BE REPORTED IN MANY CASES
The GDPR introduces a duty to report certain types of data breach to the ICO (the UK supervisory authority), where feasible within 72 hours of becoming aware of the breach, and in some cases to the people affected. A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
YOU WILL HAVE TO DOCUMENT WHAT PERSONAL DATA YOU HOLD
You may need to organise an information audit, across the organisation or within particular business areas, to establish what personal data you hold, where it came from and who you share it with.
“THIS ONE’S A GAME CHANGER FOR EVERYONE”*
And having the right mindset towards data protection will help to future proof your business.
*Elizabeth Denham, Information Commissioner