New Data Protection Act
The IT implications of the new General Data Protection Regulation (GDPR), coming into force on 25 May 2018, brings the Data Protection Act of 1998 into the twenty-first century
| Home | Our customers | Case studies | News | Events | About us | Contact |
IT services |
| IT support |
| IT business continuity |
| IT planning and management |
| IT consolidation |
| IT outsourcing |
| Hosted services |
| Utility services |
Hardware and software |
| CORONA, award-winning software |
| Software development |
| Mobile data |
| Helpdesk |
Tweet
New Data Protection Act
Data Protection Act and Data Security
The IT implications of the new General Data Protection Regulation (GDPR), coming into force on 25 May 2018, brings the Data Protection Act of 1998 into the twenty-first century. Lightsout is perfectly placed to bridge the skills and knowledge gaps common to SMEs and charities to help minimise the cost of GDPR compliance.
Implications of new data protection laws for UK businesses and charities
In essence, the GDPR:
- Returns the control of personal data to individuals.
- Means that many organisations will need to appoint an internal or external Data Protection Officer for data processing.
- Modernises and simplifies the Data Protection Act.
Organisations will need adequate systems in place to recognise and manage any data breaches that may arise, and notify the local data protection authority within 72 hours of the breach.
Under the new rules, personal data should not be held for longer than necessary, or used for any other purpose than that specified by the person whose data you hold. Also, complying with “the right to be forgotten” is something that many systems won't yet be set up to achieve.
Providing a paper-chain of consent to use each record will become essential - pre-ticked boxes and other common online practices will not comply with the new regulation. Many organisations will need to provide access for individuals to review the personal data they hold about them.
Organisations that process data need to appoint a Data Protection Officer
In this instance, data processing at its lowest level simply means receiving, collecting, possessing, using or passing on information about an identifiable person. Article 37 of the GDPR requires “controllers and processers” of personal information to appoint a Data Protection Officer.
This means that some SMEs will have to appoint a Data Protection Officer, while some larger organisations won't have to. Consultants at Lightsout Computer Services are able to bridge this gap in the same way that you might outsource other business disciplines.
Data Protection Officer duties
Data Protection Officers will manage data security (including cyber-attacks) and aspects of business continuity specific to the presence of personal data.
GDPR specifies that the individual should be “designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks”.
Most SMEs need to change their approach to protecting themselves against cyber-crime. Contact us if you'd like us to independently assess your system.
Lightsout CORONA
CORONA software has been solely developed over the past ten years to increase company-wide performance of organisations with field-based workforces. It is three years ahead of its time, revolutionising the profitability of SMEs with 20+ employees to international corporations...Lightsout IT Services
More than half of UK businesses lose revenue, every year, due to lack of independent IT expertise, which they cannot normally afford in house. For this reason, organisations frequently ask Lightsout Computer Services to help them in one of two ways...Lightsout Hardware and Software
Lightsout Computer Services always creates business-assigned solutions in order to:- increase IT service quality
- drive out complexity
- reduce running costs.