GDPR: Top Five Myths De-bunked Right Here

Jul 12, 2017
We cut through the confusion to bring you the top five myths surrounding GDPR – the EU regulation governing citizens’ data.

There’s a great deal of information available about the General Data Protection Regulation (GDPR) and its impending implementation (25 May 2018), and it can sometimes be difficult to separate fact from fiction. Here, we cut through the confusion to bring you the top five myths surrounding GDPR – the EU regulation governing the storage, management and processing of EU citizens’ data.


GDPR won’t affect the UK because of Brexit


Some UK businesses believe it’s a good idea to hold off on investing in the means to achieve GDPR compliance, given the lack of clarity around precisely what Brexit will look like. This is a mistake – UK firms, like those in any other EU member state, will need to be compliant with the GDPR by 25 May 2018, or face potentially huge fines.


Being subject to GDPR requirements isn’t restricted to organisations within EU countries. Organisations based outside the EU but storing, managing or processing EU citizens’ data will also need to comply – and the UK government has undertaken to fully implement GDPR in May 2018.


Post-Brexit, experts say the UK will either continue to be subject to GDPR, or have a new law that is similar to GDPR. The Information Commissioner’s Office (ICO) – the appointed authority for dealing with data breaches – says it will work with the government and provide advice on the continuing application of the GDPR, or any replacement regime.


GDPR compliance is my cloud service provider’s responsibility, not mine


Businesses using personal data for business purposes cannot pass the buck to the cloud or security service providers that process or store personal data on their behalf. GDPR doesn’t only affect a business that collects data – a business that handles the data will also have to ensure it is compliant with the new regulations.


Even if a data controller is not storing personal data (i.e., it uses a third party to store such data), the data controller will still be held responsible for compliance with the GDPR. Both controllers and processors share responsibility for meeting GDPR requirements.


If any of a business’s data is hosted off-premises by a third party, the business must ensure its cloud service provider can deliver the appropriate level of security, and can produce logs in the event of an incident, as and when they are required.


As a business, we have to employ a Data Protection Officer


The appointment of a Data Protection Officer (DPO) is only required for public bodies and organisations that engage in large-scale systematic monitoring or large-scale processing of sensitive personal data. In fairness, this covers almost every medium to large enterprise.


However, organisations not falling into one of the categories above do not have to appoint a DPO (although it could still be considered good practice to do so!).


There is a technical checklist for GDPR


It’s not that simple! Unfortunately, GDPR doesn’t prescribe specific data protection technologies; it sets out process requirements instead. However, businesses should already be talking to their IT providers about core data security solutions.


Regulators want to catch businesses out


There is an assumption that the regulators will immediately come calling on any business that hasn’t met the GDPR requirements by the 25 May 2018 deadline. That isn’t the case. The ICO is likely to adopt a pragmatic approach to the situation, and accommodate those organisations it can see are putting effort into achieving compliance.


“We’re not going to bang everyone's door down on 26 May, saying ‘give us a cheque for four percent of your annual turnover [the maximum fine for a breach],’” Peter Brown, senior technology officer at the ICO, said recently.


The ICO doesn’t want to see companies incur huge fines, or fail – rather, it is positioning GDPR as an opportunity for organisations to assess and improve their data processing operations. However, that doesn’t mean companies can slack off in their compliance efforts in the lead-up to the new regulations!


Cobweb GDPR data hub


The BBC article “Could new data laws end up bankrupting your company?” (7 July 2017) included a quote from Mark Thompson, a partner in KPMG's privacy advisory practice: “Many businesses have no idea what to do and don't want to grasp the nettle. There’s a lot of misinformation and panic around at the moment, but if businesses don't take responsibility for this at board level they will fail.”


At Cobweb, we’re here to ensure businesses can cut through the misinformation and don’t need to panic. We’ve created a GDPR hub where we’re posting relevant information – and have arranged a series of workshops, corporate assessments and clinics to be run by independent GDPR Implementation Consultant, Pierre Westphal.


The first 3-hour workshops take place in London, Wednesday 26 July – register now to book your place!
