Businesses of all sizes need to understand and prepare for the GDPR. This blog is designed to help explain key GDPR facts and the key steps organisations can take to become GDPR compliant.
‘Data Controllers’ and ‘Data Processors’ need to abide by the GDPR if they manage the data of EU citizens.
It applies to businesses and organisations within the EU, as well as those outside of the EU that offer goods or services to, or monitor the behaviour of, EU individuals/data subjects.
GDPR is a regulation – a binding legislative act. It must be applied in its entirety across the EU. A directive is a legislative act that sets out a goal for achievement.
Yes. Each Member State will have individual discretion on criminal sanctions for GDPR infringements.
Any information relating to a natural person or ‘data subject’ that directly or indirectly identifies that person. It can be anything from a name, email address, bank details, medical information, or a computer IP address.
Consent must be provided by an individual/data subject for the processing of their personal data. The request for consent must be in an intelligible and easily accessible form, with the purpose for data processing attached. Inactivity or pre-ticked boxes will no longer constitute consent for the processing of data. Organisations that demonstrate active consent will have a record of how and when this was provided. If an individual removes consent, you must show evidence that you no longer process their related data.
Many organisations have measures in place due to the Data Protection Act (DPA). Others must examine and address current practice for GDPR compliance to show how they adhere. For example, demonstrating the procedures that are in place to protect the data they hold.
To reduce a project’s privacy risks. The assessment identifies the risks that need to be addressed so that they can be mitigated at an early stage.
Yes, it is mandatory to report a personal data breach that may result in a risk to people’s rights and freedoms.
The most effective way to demonstrate you have taken steps to comply with GDPR is to obtain relevant certifications such as ISO27001 or the more affordable IASME Governance (Information Assurance for SMEs).
Should you have any questions about GDPR facts, we are here to help.
We’ve been an IASME Certification Body since 2016 and have helped many organisations achieve ISO27001 and IASME Governance (Information Assurance for SMEs) certifications.
Assure Technical keeps cyber security simple. Our objective is to provide expertise with a personal touch – no cut corners, no jargon, no waffle, just straight-talking security solutions.
Get in touch with our expert consultants for straight-talking, jargon-free technical security advice.