A shock is coming to UK businesses who haven’t yet put a data protection programme in place. The General Data Protection Regulation comes into play in May 2018, by which time businesses need to show they’re already compliant with it.
A Data Protection Impact Assessment is a process for building and demonstrating compliance with the GDPR.
It’s a process that an organisation can use to systematically describe its data processing purpose and operation, assess whether its processing is likely to result in risk for the data subjects concerned, and determine measures for addressing these risks.
Article 30 of the General Data Protection Regulation (GDPR) stipulates that organisations maintain a record of their data processing activities. Basically, this means that for an organisation to become compliant with the GDPR, it needs to present an audit of personal data as it moves through an organisation.
There’s a lot of talk online about businesses becoming ready for the General Data Protection Regulation compliance deadline of May 2018, but what about all the thousands of schools out there?
All schools, whether they’re private or public, need to comply with the GDPR. When the GDPR comes into play, schools will need to have their data protection programmes already operating. So where to begin?
Facebook is under pressure as a result of a €1.2-million fine by the Spanish Data Protection Authority for not adequately collecting the consent of its users and non-users. This infringement of data privacy is the second in a matter of months, following a €150 000 fine from the French privacy regulators for a violation along similar lines.
The volume of data you have on your computer system grows by the day. But do you need it all and how will you manage the storage of it as it increases? Since backing up has become vital to business continuity, you need to be smart about what you keep and what you don’t. Redstor looks at the question in their data management article: Archive or delete – What should you do with your data?
In a move that spotlights the accelerating importance of data protection and privacy worldwide, Ireland’s High Court will ask the EU’s Court of Justice for a ruling on whether business enterprises operating via the Internet, such as social media giant Facebook, will be allowed to transfer users’ data to the United States.
Needless to say, a ban on data transfers would have huge consequences not only for social media, but for all US enterprises that process data on EU residents, whether for online purchases, accommodation bookings or moving employee data between countries. Just think of all the US websites that are used heavily by Europeans every day: Amazon, Google, HomeExchange, Airbnb, WhatsApp and Booking.com.
In anticipation of the EU’s General Data Protection Regulation (GDPR), which will come into effect in May 2018, Redstor has partnered with compliance specialists GDPR365 to offer their clients a cloud-based software tool that will enable initial and ongoing compliance with the new data protection law.
Every organisation – inside or outside the EU – that processes personal information belonging to individuals in the EU will need to comply with the GDPR. The regulation has been developed primarily to strengthen the rights of individuals and, as a result, sets new data privacy and protection standards for organisations doing business with Europe.
On 7 September, The Washington Post reported that a security breach at Equifax, a US credit rating bureau, resulted in hackers gaining access to personal data belonging to an estimated 143 million individuals. Apparently, the breach was due to an 11-year-old website application flaw that compromised the personal information of not only Americans, but also British and Canadian consumers.
Amongst the stolen personal data are names, driver’s license details, credit card numbers, social security numbers and birth dates – basically the key ingredients for identity fraud.