GDPR Overview: What is GDPR?
The General Data Protection Regulation (GDPR) protects people by defining the processing of personal data as a fundamental right. As a regulation, GDPR will directly affect member states of the EU without the need for implementing legislation.
Why is it important?
The implementation of GDPR is an important step forward that enables individual privacy rights. It gives EU residents more control over their personal data.
GDPR also sets new standards for B2C relationships. It is a complex regulation that may require significant change in how you collect, process and manage data from people all over the world. Considering the significant legal responsibilities, it may take time to bring current data processes in line with GDPR. There’s no time to wait.
Steps you need to take
Organisations must protect personal data against any unlawful form of processing. With this law in place, data managers must notify supervisory authorities of data breaches within 72 hours of discovery. Employees who process personal data must be committed to confidentiality. Other GDPR requirements include:
- Record keeping
- Transparent policies
- Consent management
- Privacy impact assessments
Prevention is the best defence against data breaches. By using the correct organisational and security measures, your company will be able to reduce any possible risk and protect personal data.
How SGS can help
We understand the value of personal data and the serious implications of a data breach. To help you meet these requirements, we provide solutions for small and medium enterprises (SMEs) that make the different requirements easier to understand.
Based on GDPR requirements and guidance, we offer a portfolio of services that can help your organisation become compliant.
GDPRonline is a simple readiness assessment to help measure current alignment to GDPR, set action plans and measure progress. It allows for a centralised data inventory to help list and record personal data processing and a notification system to help manage individual rights requests and data breach reports.
GDPR compliance in the UK and Brexit
The UK Government has confirmed its intention to bring the EU General Data Protection Regulation (GDPR) into UK law after Brexit, ensuring continuity and data security.
GDPR replaces the Data Protection Directive 95/46/EC and will give individuals across Europe more control over how their personal data is collected and processed. The Regulation will impact how organisations store and use personal data for all business activities from employee payroll and customer invoices to marketing campaigns – effectively making organisations accountable for data protection.
Achieve full and ongoing professional compliance with SGS’s global expertise and experience.