About the GDPR

On the 25th May 2018, the biggest shakeup to the UK’s Data Protection Laws took place. This shake up came in the form of implementing two new sets of legislation.

  • The Data Protection Act 2018 and
  • The General Data Protection Regulations (GDPR) 2018

The GDPR and the Data Protection Act 2018 replaced the existing Data Protection Act published in 1997 and introduced new aspects of data security and privacy for data subjects.

GDPR Principles

The GDPR is broken down into 7 principles

  1. Lawfulness, fairness and transparency
    Data processors must process your personal data in a way that is fair, transparent and keeping within the restrictions of the law
  2. Purpose Limitation
    Data processors must only process your personal data for the purpose for which it was collected
  3. Data Minimisation
    Data processors must collect data that is necessary for the purpose in which it was collected. Information must be relevant
  4. Accuracy
    Data processors must ensure that all the personal information held regarding data subjects is current and kept up-to-date.
  5. Storage Limitation
    Data processors must not keep your data for longer than necessary
  6. Integrity and Confidentiality (Security)
    Data processors must ensure that necessary security measures are put in place to ensure that your data is kept safe and protected.
  7. Accountability
    Data processors must take responsibility for your data whilst it is under their care. This includes the transfer of data between parties.

Data Subject Rights

The GDPR also introduces additional rights for data subjects. It introduces the following rights:

  • The right to be kept informed
    Data subjects have the right to know how their personal data is processed, how long it will be retained for who the data will be shared with.
  • The right to access data relating to the data subject
    Data subjects have the right to access any personal information held about them.
  • The right to rectify invalid data held by an organisation
    Data subjects have the right to rectify any invalid personal data in a timely manner.
  • The right to be forgotten or to request erasure
    Data subjects have the right to request that their personal data be erased once the original purpose has been fulfilled.
  • The right to restrict the processing of your personal data
    Data subject have the right to restrict or limit the extent in which data is processed. This is subject to certain requirements being met.
  • The right to data portability
    Data subjects have the right to request a copy of their personal information in a structured, commonly used, machine readable format for use at other locations.
  • The right to object to further data processing
    Data subjects have the right to object to further processing of personal information for certain things, such as direct marketing.

Principle Comparison

The new principles are broadly similar to the principles within the Data Protection Act 1998.

What is classed as personal information

Personal data includes everything ranging from basic contact details such as your name, telephone number, email address and home address, right through to more complex and sensitive information such as retinal scans and fingerprints.

The following data is classed as sensitive and identifiable:

  • Name
  • Addresses
  • Email Addresses
  • Telephone Numbers
  • Identification Numbers (NHS Patient Numbers, National Insurance Numbers etc.)
  • Location Data
  • Online Identifiers such as IP Addresses
  • Bio-metric Data
  • Healthcare Data
  • Racial or Ethnic Data
  • Political Opinions
  • Religious or Philosophical Beliefs
  • Trade Union Memberships
  • Sex life or Sexual Orientation

How can we help?

May we introduce our new business continuity suite, Fortify.

Our Fortify continuity suite takes every aspect of your business network  from your Internet Security to your day to day Cloud Backups.

Fortify is a completely managed service, just set and forget and we’ll manage the rest.

Managed IT

Our managed IT service watches over the day to day running of your computer systems to prevent any issues before they occur. Linked with our remote and on-site technical support packages, you no longer need to worry about running Windows Updates and cleaning up all the junk left behind.

Alerts will automatically be generated for any unusual activity detected on any of your devices relating to hardware or software issues. An engineer will be notified as soon as an alert is raised, allowing us to address issues on your behalf before they affect the day to day running of your  business*.

Managed Antivirus

Who monitors your antivirus installations across your computer network? Do you have an administration console? Is the software configured to play nicely with your specialist applications?

Our managed antivirus applications are not only monitored remotely, but we also configure them to help defend your computers against all known threats which have been programmed to cost your business money and time.

In the event of a threat being detected, our engineers will be alerted and will deal with the threat within a timely manner.

Secure Cloud

It used to be that local backups were safe, but with the advancements of Ransomware, local backups are no longer safe.

Our cloud backup solutions are fully encrypted and GDPR compliant. Backups can be configured to run throughout the day with a full system backup nightly ensuring that all your business critical data is stored securely.

Your backups are only accessible by you, nobody else; giving you peace of mind that your systems are protected from physical and digital disasters. Our management systems monitor your backups for any issues and our engineers will address any issues detected behind the scenes.

Web Protect

Have you ever caught your employees doing things online that costs your business time and money? or do you want to add an additional layer of protection to your computer network?

Our web protect filtering software allows you to block whole categories of websites or individual websites. It also allows you to white-list individual websites depending on your requirements.

This software is configured on the back of your network so internal business services will not be affected and no additional software will be required on your individual devices for this filter to work.

This is a fully managed service so no training is required.