The GDPR will replace the existing Data Protection Act (1998) when it is implemented in May 2018.

The General Data Protection Regulation has been designed to ensure businesses tighten up on any personal data they hold, and ensure data is only held if there is a real business case to do so.Following the UK implementation of GDPR, to hold personal data, you will be required to have either a legal requirement to do so, or the necessary consent to hold data from the individual whom it relates to, or whom they have parental consent for.

It is almost impossible to say that a data breach will never occur in your business, however, so long as you ensure that your business has taken the necessary steps when gathering and safeguarding personal data, and that you have the necessary procedures in place to deal with a breach, then it is likely that you will not be subject to the significant fines that are being reported in the press – it is likely that the large fines will be for businesses who have demonstrated complete negligence with personal data.

Businesses will be required to report breaches that affect the rights and freedoms of individuals to the ICO after 72 hours from detection of the breach.Given that even larger firms can take months to detect a breach, it’s clear that monitoring systems need to be improved sooner rather than later.

Through consultation, we can carry out a systematic evaluation of the security of your company's data and information systems, by measuring how well it conforms to the GDPR criteria, and making suitable recommendations.

Typically we will assess your awareness of the importance of GDPR; review the personal data that you hold while establishing where the data came from and who you share it with; review your current Privacy Notice and ensure it identifies your lawful basis for processing; review current policies to update requirements for individuals rights including subject access requests; review how you seek, record and manage consent; review the procedures you have in place to detect, report and investigate a personal data breach; and review your requirement for a Data Protection Officer.   

At Its Secure, our specialist team has years of professional experience working in IT Security, HR & Training, and Compliance, for Global, UK & Ireland based, and local SMEs.  We have partnered with organisations from different sectors, including manufacturing, engineering, sales & marketing, charities, insurance, medical, health & safety, tourism, and construction.

Combining the experience of our team, this allows for us to offer your business a 'multi-disciplined approach' to IT & data security.