Skip to main content

Following over four years of negotiation, the European Union’s General Data Protection Regulation (GDPR) has finally been passed and will come into effect in 2018.

As of Thursday 14th April, the European Union adopted new legislation on data protection, giving individuals more control over their personal information.

What are the regulations for?

The new law comes following the ever increasing digital era of the internet, mobile devices, online banking and social media, replacing the 1995 EU data protection directive. This new legislation is intended to better protect consumers against data breaches caused by their service providers. Businesses will benefit through the harmonisation of European data protection regulations therefore making it easier to comply.

What is the impact on your business?

Those not conforming to the new requirements can expect fines amounting to as much as 4% of their previous year’s global revenue (or  20 million, depending on which is greater).

All businesses must keep track of sensitive personal data and have proven audit trails of the processing of such information. Should a breach occur, notification to the data protection authorities must be provided within 72 hours – In the UK it is the Information Commissioner’s Office.

For those companies handling considerable amounts of sensitive customer information, a special data protection officer must be appointed. Arming these individuals with the tools for data governance will be key.

Businesses face significant risk not only financially with potential fines but also the impact in reputation in the event of a data breach. With these new regulations, customers are likely to challenge their existing and prospective providers on their data protection governance before making a decision on a new service provider.

There is no doubt that this new law will affect almost every business in some way or another and therefore it will be essential to preserve customer expectation and trust to remain successful. Any business not protecting their customers’ data sufficiently will be at severe risk of losing custom to competitors.

What is the impact on your consumers?

Consumers will be the driving force behind service providers, pushing them to adhere to the new regulations.

Individuals must now be notified by companies should their data be processed in any way.

Users of a service have the right to switch personal data to another service provider therefore having the ability to change service provider without risk of losing any previous data, contacts, documentation or other assets.

Should an individual decide that they no longer wish to have their data processed by a business, they will now have the right to be forgotten by service providers. Businesses will be obligated to erase or destroy all data of that individual, unless they can provide legitimate reason as to why it must be retained.

Where does this leave UK businesses in the event of Brexit?

Well, for those UK businesses dealing with the EU it seems as though the EU GDPR will still apply regardless of whether the UK is in or out of the European Union. The reason being, the applicability of the new legislation is based on the data, not the business and therefore any data concerning EU individuals must adhere to the new regulations.

Do not make the mistake in thinking that because your data is held on UK servers, you are exempt from the rule. You may well experience ignorance from others with the assumption that until the referendum results are out, there is little point in putting anything in place. The fact is that GDPR will affect all UK businesses offering services of any kind to markets within the European Union.

Our Advice?

Familiarise yourself with the legislation, fully understand your obligations and invest in relevant software and solutions as soon as possible. Regardless of any resistance you may be given from others within your business, if you were to wait for the referendum results to come in before implementing the necessary systems, you could leave your business in a difficult situation with less than 18 months to get yourselves up to speed before the GDPR comes in to effect.

What should you be investing in?

Secure Print

  • Avoid sensitive documents sitting uncollected at the printer that has the ability to delete jobs if the device errors or media runs out whilst print jobs are being released.
  • Print jobs will queue on the device until released by the user.
  • Allows users to release print jobs from any device.
  • Encrypt print jobs from the user PC to device.
  • Anonymise print file names.
  • Shredder to sit by devices for unwanted & discarded print on devices.
  • Monitor content of documents being printed, copied or scanned to prevent duplication of documents of the highest sensitivity.
  • Device Hard disk Erase or Encryption to prevent lose of data from printer Hard Drives.

Document Management

  • Automate the storage, management and tracking of all documents.
  • Distribute to the relevant department automatically from the scanner.
  • Apply rules based print and scan to prevent sensitive data from being copied.

Version Control

  • View what changes have been made to a document, when and by whom.
  • Record all changes to a file or set of files and ensure your staff are using the most up-to-date data.
  • Create user identity profiles.

Access Rights

  • Prevent sensitive data from getting into the wrong hands.
  • Manage user permissions for use of specific documents within your business.
  • Apply protocol settings to print and scanning devices.
  • Create user identity directories that include guest permissions.