About the GDPR
On the 25th May 2018, the biggest shakeup to the UK’s Data Protection Laws took place. This shake up came in the form of implementing two new sets of legislation.
- The Data Protection Act 2018 and
- The General Data Protection Regulations (GDPR) 2018
The GDPR and the Data Protection Act 2018 replaced the existing Data Protection Act published in 1997 and introduced new aspects of data security and privacy for data subjects.
The GDPR is broken down into 7 principles
- Lawfulness, fairness and transparency
Data processors must process your personal data in a way that is fair, transparent and keeping within the restrictions of the law
- Purpose Limitation
Data processors must only process your personal data for the purpose for which it was collected
- Data Minimisation
Data processors must collect data that is necessary for the purpose in which it was collected. Information must be relevant
Data processors must ensure that all the personal information held regarding data subjects is current and kept up-to-date.
- Storage Limitation
Data processors must not keep your data for longer than necessary
- Integrity and Confidentiality (Security)
Data processors must ensure that necessary security measures are put in place to ensure that your data is kept safe and protected.
Data processors must take responsibility for your data whilst it is under their care. This includes the transfer of data between parties.
Data Subject Rights
The GDPR also introduces additional rights for data subjects. It introduces the following rights:
- The right to be kept informed
Data subjects have the right to know how their personal data is processed, how long it will be retained for who the data will be shared with.
- The right to access data relating to the data subject
Data subjects have the right to access any personal information held about them.
- The right to rectify invalid data held by an organisation
Data subjects have the right to rectify any invalid personal data in a timely manner.
- The right to be forgotten or to request erasure
Data subjects have the right to request that their personal data be erased once the original purpose has been fulfilled.
- The right to restrict the processing of your personal data
Data subject have the right to restrict or limit the extent in which data is processed. This is subject to certain requirements being met.
- The right to data portability
Data subjects have the right to request a copy of their personal information in a structured, commonly used, machine readable format for use at other locations.
- The right to object to further data processing
Data subjects have the right to object to further processing of personal information for certain things, such as direct marketing.
The new principles are broadly similar to the principles within the Data Protection Act 1998.
What is classed as personal information
Personal data includes everything ranging from basic contact details such as your name, telephone number, email address and home address, right through to more complex and sensitive information such as retinal scans and fingerprints.
The following data is classed as sensitive and identifiable:
- Email Addresses
- Telephone Numbers
- Identification Numbers (NHS Patient Numbers, National Insurance Numbers etc.)
- Location Data
- Online Identifiers such as IP Addresses
- Bio-metric Data
- Healthcare Data
- Racial or Ethnic Data
- Political Opinions
- Religious or Philosophical Beliefs
- Trade Union Memberships
- Sex life or Sexual Orientation
How can we help?
May we introduce our new business continuity suite, Fortify.
Our Fortify continuity suite takes every aspect of your business network from your Internet Security to your day to day Cloud Backups.
Fortify is a completely managed service, just set and forget and we’ll manage the rest.
Our managed IT service watches over the day to day running of your computer systems to prevent any issues before they occur. Linked with our remote and on-site technical support packages, you no longer need to worry about running Windows Updates and cleaning up all the junk left behind.
Alerts will automatically be generated for any unusual activity detected on any of your devices relating to hardware or software issues. An engineer will be notified as soon as an alert is raised, allowing us to address issues on your behalf before they affect the day to day running of your business*.
Who monitors your antivirus installations across your computer network? Do you have an administration console? Is the software configured to play nicely with your specialist applications?
Our managed antivirus applications are not only monitored remotely, but we also configure them to help defend your computers against all known threats which have been programmed to cost your business money and time.
In the event of a threat being detected, our engineers will be alerted and will deal with the threat within a timely manner.
It used to be that local backups were safe, but with the advancements of Ransomware, local backups are no longer safe.
Our cloud backup solutions are fully encrypted and GDPR compliant. Backups can be configured to run throughout the day with a full system backup nightly ensuring that all your business critical data is stored securely.
Your backups are only accessible by you, nobody else; giving you peace of mind that your systems are protected from physical and digital disasters. Our management systems monitor your backups for any issues and our engineers will address any issues detected behind the scenes.
Have you ever caught your employees doing things online that costs your business time and money? or do you want to add an additional layer of protection to your computer network?
Our web protect filtering software allows you to block whole categories of websites or individual websites. It also allows you to white-list individual websites depending on your requirements.
This software is configured on the back of your network so internal business services will not be affected and no additional software will be required on your individual devices for this filter to work.
This is a fully managed service so no training is required.