{"id":4447,"date":"2017-11-16T16:03:49","date_gmt":"2017-11-16T16:03:49","guid":{"rendered":"https:\/\/cybersmart.com\/?p=4447"},"modified":"2021-02-03T16:03:10","modified_gmt":"2021-02-03T16:03:10","slug":"gdpr-what-is-it-and-why-is-it-important","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/gdpr-what-is-it-and-why-is-it-important\/","title":{"rendered":"GDPR: What is it and why is it important?"},"content":{"rendered":"
The General Data Protection Regulation (GDPR)<\/a> is Europe’s new framework for data protection laws. GDPR replaces the previous 1995 data protection directive, which current UK law is based upon.<\/span><\/p>\n It introduces tougher fines for non-compliance and breaches and gives us all more say over what companies can do with our data. On top of this, it <\/span>also makes data protection rules more or less identical throughout the EU.<\/span><\/p>\n The new law has two aims. First, the EU wants to give people more control over how their personal data is used. This is down to the practices of companies like Facebook and Google, who often swap access to their services for users’ data.<\/span><\/p>\n The current Data Protection Act was enacted before the internet, making it easy to exploit data using new technology. GDPR seeks to address this. By<\/span> strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the digital economy.<\/span><\/p>\n Second, the EU wants to give businesses a clearer legal environment to operate in. It’s estimated that making data protection law identical throughout the single market will save businesses a collective \u20ac2.3 billion a year. GDPR has applied to all EU member states since 25 May 2018.<\/span><\/p>\n According to the EU, ‘controllers’ and ‘processors’ of data need to follow GDPR rules. Let’s dig into those terms a little.<\/span><\/p>\n A data controller is the party responsible for how<\/em> and why<\/em> data is processed. This is usually your business itself. A processor is the party responsible for the actual handling<\/em> of the data.<\/p>\n Using a third-party contractor for processing your payroll is a great example of this. Your business tells the payroll company when wages should be paid, how much each employee should receive, and if anyone leaves or joins. 
The payroll company provides the IT system and stores your employees’ data. In this situation, your business is the controller and the payroll provider the processor.<\/p>\n Even if controllers and processors are based outside the EU, GDPR still applies, so long as they’re dealing with data belonging to EU residents. <\/span><\/p>\n It’s your responsibility as a controller to ensure the processor follows the rules. Meanwhile, processors must keep records of their processing activities. There’s a big incentive to do this: under GDPR, the penalties are much more severe than they were previously.<\/span><\/p>\n While your organisation needs more than Cyber Essentials to comply with GDPR, it’s a great first step. Cyber Essentials certification is evidence that you have taken steps towards protecting your data from cyber attacks.<\/span><\/p>\n Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials<\/a>, the UK government scheme that covers all the fundamentals of cyber hygiene.<\/p>\n <\/p>\nWhy was GDPR drafted in the first place?<\/b><\/span><\/h3>\n
\n<\/span><\/p>\nWhen will it apply?<\/b><\/span><\/h3>\n
Who does it apply to?<\/b><\/span><\/h3>\n
How can Cyber Essentials help with GDPR?<\/b><\/span><\/h3>\n