Data Protection in a Security Context

GDPR will be written into UK law, Brexit or no Brexit. This article explains how you can prepare your security controls for the biggest change to Data Protection legislation in the UK in a generation.

The government announced its plans to write the EU General Data Protection Regulation into UK law. The requirements of GDPR will be enforced in Britain under the new data protection bill, announced by Matt Hancock, the minister for digital, in a statement of intent on 7th August 2017.

A quick background, in case you haven’t heard about GDPR (in which case: where have you been?) or seen our previous advice on the regulation: the General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The legislation itself has actually been completed since April 2016, but its complexity led to the EU allowing a 2-year grace period for countries and organisations to prepare and comply.

We are nearing the end of that preparation timeline, and in 9 months GDPR will come into force, bringing enhanced powers over personal information for data subjects, and huge fines for those organisations and data processors that aren’t prepared.

By acting now, you can ensure you know exactly how the new data protection legislation could affect your organisation and be confident in your data protection processes and systems come the May 2018 deadline.

Commissum offer a range of testing services to complement your GDPR project. We can provide data protection consulting specifically in the context of this upcoming legislation, combined with assistance on Cyber Essentials to make sure your security is up to scratch. For more information on our complete package of security and data protection services, get in touch.