GDPR Implementation at Custodian Data Centres
The General Data Protection Regulation (GDPR) was agreed back in April 2016 and will replace the current EU Data Protection Directive. The GDPR comes into force in May 2018. The regulation will unify data privacy across all current 28 member states, including Britain post “Brexit”, as confirmed recently by the government. Its impact will spread much further, as any business that deals with data belonging to EU citizens will need to comply.
For all intents and purposes, GDPR is an extension of the current Data Protection Act. However, there are a few notable changes. These include data subjects having to be notified within 72 hours of any data breach, the burden of proof moving from regulator to business and, of course, an increase in fines for non-compliance.
What are Custodian Data Centres doing now?
Custodian Data Centres has ensured that this is a matter for the boardroom and not just its IT teams. It has also ensured that awareness of GDPR is being spread around the business. Alongside the awareness campaign, Custodian has designated a Data Protection Officer (DPO) and has begun looking at the following areas:
- Information we hold and the data flows
- How we communicate privacy information
- How GDPR will impact individuals' rights
- Current process for Subject Access Requests (SARs)
- Ensuring the legal basis for which we process personal data is correct
- How we receive consent
- Our process for detecting, reporting and investigating any data breaches
- Privacy by design and conducting privacy impact assessments