New Data Protection Act


Data Protection Act and Data Security

The new General Data Protection Regulation (GDPR), coming into force on 25 May 2018, brings the Data Protection Act of 1998 into the twenty-first century, and it has implications for IT. Lightsout is perfectly placed to bridge the skills and knowledge gaps common to SMEs and charities to help minimise the cost of GDPR compliance.

Implications of new data protection laws for UK businesses and charities

In essence, the GDPR:

  1. Returns the control of personal data to individuals.
  2. Means that many organisations will need to appoint an internal or external Data Protection Officer for data processing.
  3. Modernises and simplifies the Data Protection Act.

Organisations will need adequate systems in place to recognise and manage any data breaches that may arise, and notify the local data protection authority within 72 hours of the breach.

Under the new rules, personal data should not be held for longer than necessary, or used for any other purpose than that specified by the person whose data you hold. Also, complying with “the right to be forgotten” is something that many systems won't yet be set up to achieve.

Providing a paper-chain of consent to use each record will become essential - pre-ticked boxes and other common online practices will not comply with the new regulation. Many organisations will need to provide access for individuals to review the personal data they hold about them.

Organisations that process data need to appoint a Data Protection Officer

In this instance, data processing at its lowest level simply means receiving, collecting, possessing, using or passing on information about an identifiable person. Article 37 of the GDPR requires “controllers and processors” of personal information to appoint a Data Protection Officer.

This means that some SMEs will have to appoint a Data Protection Officer, while some larger organisations won't have to. Consultants at Lightsout Computer Services are able to bridge this gap in the same way that you might outsource other business disciplines.

Data Protection Officer duties

Data Protection Officers will manage data security (including cyber-attacks) and aspects of business continuity specific to the presence of personal data.

GDPR specifies that the individual should be “designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks”.

Most SMEs need to change their approach to protecting themselves against cyber-crime. Contact us if you'd like us to independently assess your system.

