The first step on your path to compliance is to have a consultation with us. This will not cost you anything at this point and may be all you need to be sure you are doing the right thing. Contact us to arrange a meeting.
This allows you to see what you have got and what you need. In some cases this can be missed out if your business is starting from scratch with your Policies and Procedures for the GDPR.
A plan will be produced to suit your business needs and timescales to implement the changes required. The timescales can vary depending on the size of the business and what you have in place now.
You are required to show your staff's awareness of the General Data Protection Regulation. We provide this awareness training on the subject as part of your compliance with the GDPR.
Whether or not you need a Data Protection Officer depends on what data you process, how much data you process and the nature of your business.
The GDPR is going to have a massive impact on how and what you collect within your business when dealing with an EU Citizen, even if your business is located outside of the EU.
The risks of incorrectly processing individuals' data have just got higher. There is no one solution; each business will have a different solution. You need a solution for your business.
Non-compliance with GDPR could potentially lead to massive fines, €20 million or 4% of your turnover (whichever is greater). Not to mention the negative reputational damage to your business.
You can trust that we will find the solution for your business.
We take the time to understand your business, what your business does and where you are likely to be in future.
After the Consultation and GAP Analysis, we will know what you are doing with your data in your business and will design a solution that fits your needs now and in the future.
What is the GDPR? - In short, the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
The General Data Protection Regulation (GDPR) is the biggest change in Data Protection since the introduction of the Data Protection Act 1998. The GDPR was introduced in April 2016 and becomes mandatory on 25th May 2018.
These changes are going to affect all businesses worldwide that deal in the processing of EU Citizens' Personal Data. The purpose of this new regulation is to give you better control of your personal data as an EU Citizen. Part of the design of this new regulation is to reinforce consumer trust in the businesses they are dealing with, knowing that their data will be safe and treated correctly. Businesses are going to have to change and adapt business processes when it comes to handling Personal Data. Many businesses are unsure how this will affect them; some even think this will not apply. The simplest explanation would be: if you have any EU Citizen Personal Data then GDPR applies to you!
The Regulation rules differ for different business sectors. They are split into 6 different categories: Non-Profit, Professional Services, Retail (shop front and/or online), Hospitality & Leisure, IT Services and Public Sector. We specialise in 4 of the 6 categories, but can support the other 2. See below for more information on the different categories.
The regulation also states that a Data Protection Officer is required, unless your business can show why one is not needed. We assess your business requirements and advise on the best course of action for your business to be compliant with the GDPR.
Personal Data—What is this?
It is defined as any information relating to a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online ID or to one or more factors specific to the physical, physiological, genetic, mental, economic or social ID of that person. For example, this will include IP Addresses and cookies. The new regulations may appear to be a bit daunting for some businesses. Most businesses will need to make changes to policies and procedures. Other things that need to be considered are who is a ‘Data Controller’ and who is a ‘Data Processor’ and the activities that go with each role. A Data Protection Officer is recommended under the GDPR and in many cases this is mandatory.
You need to remember this is a business transformation, not an IT transformation. Your IT systems will be affected; a software solution to GDPR may help, but it does not show compliance with GDPR.
Compliance with the GDPR has many factors including Staff training, HR Audits and Privacy Impact Assessments.
CyberTek Consultancy is here to help businesses with GDPR requirements and ensure your business is compliant in time.
For more information on the GAP Analysis and price, go to this page.
Why not get in touch for more information on how we can help you?
If you collect and process personal data on a natural living EU Citizen then the GDPR applies to you. This will be the case for all businesses, as you will have to have someone's details to do business.
The biggest area for any business is accountability. The business is responsible for ensuring compliance with the GDPR. Accountability can consist of:
Appointment of a Data Protection Officer
Data Impact Assessments
Where marketing is concerned, this completely changes the way we think about handling data. Direct marketers will need to demonstrate how their organization meets the lawful conditions. If an organization cannot prove how they have obtained consent the likelihood is that they will be fined. Marketers must align themselves with the GDPR principles.
“Businesses are not required to automatically ‘repaper’ or refresh all existing 1998 Act consents in preparation for the GDPR,” Vitale said. “The first question to ask is: which of the six legal grounds under the GDPR should you rely on to process personal data? Consent is only one ground. The others are contract, legal obligation, vital interests, public interest and legitimate interests.”
In short, No.
A business needs to adopt the GDPR principles. This involves the ongoing monitoring of what the business does with personal data. This needs to be put in place for current activities and then applied to any new activities the business undertakes. A business needs to prove it has had the policies and procedures in place and has been carrying out Data Impact Assessments etc.
The GDPR applies to all companies based in the EU and those with EU citizens as customers. It has an extraterritorial effect, so non-EU countries are also affected. Even though the UK is leaving the EU, the UK will still need to comply with the GDPR. One reason for this is the cross-over period between the GDPR coming into force and the UK exiting the EU. The UK will need to comply with the Regulation while it is still a part of the EU. Another reason is the extraterritorial reach of the GDPR. UK companies continuing to do business with the EU after Brexit will need to comply with the Regulation to avoid infringements.