The General Data Protection Regulation (GDPR)
Texaport works with businesses offering GDPR consultancy.
We liaise with legal advisors to provide the most accurate guidance. The GDPR, or General Data Protection Regulation, came into force in May 2018 and sets guidelines for the gathering, storage and use of personal data by businesses and public bodies. The knee-jerk reaction of most businesses dealing with personal data has been to purge their marketing databases and any records of personal data out of fear of prosecution.
While the GDPR implements a new set of regulations, it mostly builds on the Data Protection Act of 1998, which businesses already had to comply with. For businesses that were already working within the scope of that Act, it has not required a great deal of change.
For businesses unfamiliar with Data Protection or bewildered by the volume of information concerning GDPR, Texaport offers a wide range of support including GDPR consultancy.
Our standard process around Cyber Security is a 5 step process preceded by an informal chat with our Data Protection guru.
The GDPR Process
The General Data Protection Regulation concerns Personally Identifiable Information, or PII, and the gathering, storage and use of this by businesses and public bodies. When considering liability for personal data, or vulnerability to prosecution, businesses first need to identify their processes, procedures and need for data. Texaport works with clients to complete detailed “Data Scoping” documents which help to identify, locate and “map out” Personally Identifiable Information throughout the organisation. This data can take many forms and be scattered throughout the organisation, so completing the documents will involve a cross-department approach. Once data has been scoped throughout the organisation, Texaport can work with clients to ensure compliance with the regulations.
Much like a financial audit where an auditor would investigate the accounts, inventory and processes of an organisation to ensure compliance and correctness, a Texaport audit will look into the Technical capacity of the organisation in relation to GDPR compliance.
General Data Protection Regulation FAQ
The GDPR is a law and set of rules intended to give individuals more control over their personally identifiable information. This includes your name, address, credit card number, date of birth, religion and more. Any company that stores and/or uses this information for marketing, payroll or any other purpose has to comply with these rules.
PII or Personally Identifiable Information is defined in the GDPR as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The maximum fine is €20 million or 4% of “worldwide turnover”, whichever is greater.
The scale of the fine depends on the extent and impact of the error or breach.
Unless you have taken on specialist help in data protection, there is a good chance that you will not be compliant with the GDPR.
This is an important question you will be entitled to have an answer to from all of your suppliers. These storage locations will be subject to the same regulations as the companies who have requested or use your information.
The main implications of GDPR are policy, process and software based. Hardware will factor into this when newer, more secure software has been released which the hardware cannot run. If that software patches vulnerabilities in your secure system or prevents the compromise of personal data, your hardware could cost €20 million.
How can we help?
We can solve virtually anything.
We focus on four key service areas to support our clients’ business needs: