Give me a G. Give me a D. Give me a P. Give me an R. What have we got? GDPR!

July 17th, 2017 - Posted by Ben Thomson, Director of Operations


GDPR. 4 letters that are about to gain massive attention over the next 12 months. What is it I hear you ask? Well it stands for General Data Protection Regulation and is basically what we are familiar with in the UK as the Data Protection Act (on steroids). In a nutshell it’s the European Union’s work over a 4 year period to bring data protection legislation into line with new, previously unforeseen ways that data is now used.

Here at RedTie we take information security very seriously, which encompasses data protection, as with our ISO27001 certification we have this at the heart of our business. So what does GDPR mean for us all?

It’s been a long time coming, and gone through many incarnations (typical of the EU) to arrive at a more detailed and strengthened version of the Data Protection Act. It takes key concepts from that to broaden compliance, and the most important aspects of the new legislation are:

  1. Requiring the consent of subjects for data processing
  2. Anonymizing collected data to protect privacy
  3. Providing data breach notifications
  4. Safely handling the transfer of data across borders
  5. Requiring certain companies to appoint a data protection officer to oversee GDPR compliance

Now I know what you are thinking… most of this is already covered in the DPA. You would be correct in your thinking if so, however the GDPR drills down further within a business. You will be required to show compliance in the form of documented information at every stage of the legislation. How, when and what did you ask your customers in order to gain consent to process their data? Do you have a clearly defined method to process those who wish to be forgotten? Can you show you aren’t simply operating a checkbox “opt-in” mechanism for gaining consent? These are a few examples of the questions you are expected to answer…

It’s not going to happen overnight for any company – here at RedTie we have started the process of evaluating the changes needed, both in terms of technical and process controls, in order to satisfy our requirements for GDPR. Over the coming months our customers will notice a few changes, and where possible we will help provide the tools to enable them to stay within the GDPR legislation from our software’s point of view.

There’s nothing to panic about though – yes, the fines can be high - €20 million or 4% of annual global turnover – whichever is greater. In reality though, this is a new, fluid piece of governance that is expected to undergo a few changes before May 2018 when it comes into effect.

Choosing a Web to Print partner with vast experience in information security should be high on any checklist for a chosen provider. RedTie is that partner, having already achieved certification to ISO27001:2013 and having the processes and people in place to comply with GDPR and beyond.

On a side note, if you want some bedtime reading, I (DON’T!!) urge you to read the full publication of the legislation here - http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf