General Data Protection Regulation (GDPR)
GDPR legislation is a series of measures designed to protect the privacy of individuals in a fast-moving, data-rich, digital world. In the UK, GDPR replaces and updates the Data Protection Act (DPA) of 1998 – if you think about it, a lot has changed in the last 20 years. There has been an explosion in the use of the internet; individuals have freely given information when signing up for services online with little thought for the consequences. Everything we do adds to our digital footprint: price comparison sites, supermarket loyalty cards, social media organisations; even ordering a takeaway means filling in a form. Every interaction and transaction is recorded somewhere and is potentially shared.
GDPR is designed to address this ‘new data normal’. It puts the onus squarely on the shoulders of organisations to treat personal information respectfully and responsibly. The Information Commissioner's Office (ICO) is the UK body responsible for enforcing the law – it can carry out an audit on any organisation at any time. Under GDPR, non-compliance can come with heavy fines (up to £17 million or 4% of turnover allowed under the new law), but the focus is more on getting it right and helping protect personal data. Apart from fines, the GDPR gives the ICO a range of sanctions to help organisations comply: warnings, reprimands, corrective orders. While these will not hit organisations directly in the pocket, their reputations will suffer a significant blow.
Qubic has always helped its customers keep their information safe through a series of cybersecurity and business continuity measures. We have been investing in technology and people over the last year to be able to help our customers comply with GDPR. We offer a range of service levels, from an initial audit to a full, ongoing GDPR compliance programme.