Are you ready for GDPR?
The General Data Protection Regulation (GDPR) is going to have the single biggest impact on small businesses in the UK, the EU and further afield of any regulation of its kind. Is your business ready for GDPR?
GDPR replaces the Data Protection Act 1998 and brings data protection legislation into line with the ways that businesses now use data. It gives individuals more say and rights over the data that others hold about them, introduces tougher fines for breaches and non-compliance, and brings consistency to data protection rules throughout the EU.
But we’re leaving the EU you might say?
That doesn’t matter. The UK is expected to uphold the legislation post-Brexit, so there is no getting away from it: GDPR is happening.
How does GDPR affect individuals?
GDPR gives people more control over how personal data is used. Online businesses have been using personal data to allow shared access into services for many years, and this is now going to be legislated through GDPR. As the digital economy continues to evolve, GDPR seeks to provide protection to individuals.
The definition of personal data is also being widened. All previous classifications under the Data Protection Act 1998 stand and have been expanded to include IP addresses, account handles (pseudonyms) and even cultural, economic and mental health information. These changes affect everyone and every bit of identifying data that we have: if it allows someone to be identified in any way, then it is covered.
How does GDPR affect businesses?
GDPR affects all businesses that process or control data. Where the previous data protection legislation put the onus on controllers of data (the companies that have obtained the data), the new legislation also encompasses processors of data. This includes web design companies, hosting companies and any business that could access personal data if it wanted to. This is a huge change and has massive ramifications for all businesses operating in our sector.
GDPR will impact all UK businesses and any business outside of the EU that holds data belonging to EU individuals.
Even though GDPR is so far-reaching and so impactful, fewer than half of businesses have a strategy in place to ensure safe operation within the legislation. GDPR will impact all businesses in some way, and businesses need to be ready for it. Has your business got a plan for GDPR?
What is Ascensor doing about GDPR?
As a data processor and data controller, we are taking our obligations very seriously. We are currently working towards obtaining ISO27001. This is the framework of procedures and policies that includes physical, technical and legal controls for governing information security, and this includes GDPR.
The process involves risk assessment of all areas of the business relating to information security, from physical business entry to the storage of customer data. Establishing policies, team training and audits ensure that all members of the Ascensor web design team operate within the framework.
Obtaining this standard will mean that we can continue to deliver compliant services into heavily regulated sectors including financial services, and all clients regardless of size and project specification will benefit from our operating within this standard.
The GDPR is a core focus of the ISO27001 standard and our achieving the standard will mean that we are not only protecting the data of our clients, but also the data that we hold (on our web servers) for their clients. We will be able to support all of our clients with the provision of information that is held on our servers, on their behalf, as and when required.
What does GDPR mean for our clients?
If an individual requests details of the information that is stored about them on our web servers, we will be able to provide this detail in the required format and within the required timescales. As digitally captured data will be the most affected by GDPR, our ability to support our clients’ compliance will provide confidence as we move into this new era of data protection.
From our website design and development services, where we build databases to store customer data, to our email marketing automation solutions, where we use Infusionsoft to provide professional double opt-in communications on behalf of clients, we have the systems in place to ensure we keep our clients compliant with GDPR.
If you are not yet ready for GDPR and you are unsure whether your website offers you the protection that you will need for compliance, then we can support you. Get in touch today!