Every month seems to bring a fresh round of stories regarding data security breaches in companies across the globe. Large-scale attacks have become more common and can affect millions of people. This summer saw a significant move by the EU to compel companies to adequately protect themselves from loss or theft of data.
Most businesses understand that GDPR is designed to ensure diligence when it comes to protecting the data they hold, but what does it actually mean and are companies taking it seriously?
The General Data Protection Regulation (GDPR) is an EU law that forces stronger data security and privacy standards to protect everyone's information. Far from being just a 'business to consumer' concern, this latest piece of legislation applies to all businesses that hold information on customers, staff, and suppliers. It also sits alongside the Privacy and Electronic Communications Regulations (PECR), which are concerned with how companies seek, obtain and record consent for marketing communications.
GDPR represents an overhaul of outdated data protection rules set in 1998, and forms part of a new UK Data Protection Bill. Over the last 20 years, the way we hand over our personal data, and the way it is used, has changed dramatically. This new law is designed to respond to the demands from a data-driven, digital world. Like many companies, here at Sowga we have welcomed the move to modernise the boundaries.
But, since the legislation came into force, more than one in four companies have yet to make themselves GDPR compliant, according to research from The Ponemon Institute. In the majority of cases, companies that have failed to do so felt it wasn't relevant to them. However, non-compliance can lead to a hefty fine. AggregateIQ (AIQ) has been named as one of the first businesses to fall foul of the new law.
Here at Sowga, we have years of experience in helping our clients to comply with the latest legislation. And that starts by ensuring our own policies and practices are up to date. Protecting our clients' data is our top priority, and before the new directive came into force we worked hard to adapt our business to meet GDPR, including conducting staff training.
We respect and value the privacy of everyone who visits our website and only obtain and use data in the ways set out in our Privacy Policy. Under the terms of GDPR anyone can ask to see a copy of the personal data we hold on them and can withdraw consent for this to be held in the future. Most importantly, all our data is securely stored in the UK, safeguarded by the latest encrypted protection technology, so you can rest assured that any information we know about your business stays just where it should be.
Operating in an industry where data is key, we understand how important it is to stay in control of your compliance requirements. For more information on our approach to GDPR please don't hesitate to get in touch. Looking for advice on wider buildings compliance issues? Give us a call and we'll ensure you exceed your duty of care.