The IT implications of the new General Data Protection Regulation (GDPR)

Coming into force on 25 May 2018, the GDPR brings the Data Protection Act of 1998 into the twenty-first century. Lightsout is perfectly placed to bridge the skills and knowledge gaps common to SMEs and charities to help minimise the cost of GDPR compliance.
In essence, the GDPR:
Organisations will need adequate systems in place to recognise and manage any data breaches that may arise, and notify the local data protection authority within 72 hours of the breach.
Under the new rules, personal data should not be held for longer than necessary, or used for any other purpose than that specified by the person whose data you hold. Also, complying with “the right to be forgotten” is something that many systems won't yet be set up to achieve.
Providing a paper-chain of consent to use each record will become essential - pre-ticked boxes and other common online practices will not comply with the new regulation. Many organisations will need to provide access for individuals to review the personal data they hold about them.
In this instance, data processing at its lowest level simply means receiving, collecting, possessing, using or passing on information about an identifiable person. Article 37 of the GDPR requires “controllers and processors” of personal information to appoint a Data Protection Officer.
This means that some SMEs will have to appoint a Data Protection Officer, while some larger organisations won't have to. Consultants at Lightsout Computer Services are able to bridge this gap in the same way that you might outsource other business disciplines.
Data Protection Officers will manage data security (including cyber-attacks) and aspects of business continuity specific to the presence of personal data.
GDPR specifies that the individual should be “designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks”.
Most SMEs need to change their approach to protecting themselves against cyber-crime. Contact us if you'd like us to independently assess your system.