The General Data Protection Regulation (GDPR)
Texaport works with businesses offering GDPR consultancy.
We liaise with legal advisors to provide the most accurate guidance. The GDPR, or General Data Protection Regulations, came into force in May 2018 and set guidelines for the gathering, storing, and using personal data by businesses and public bodies. The knee-jerk reaction of most businesses dealing with personal data has been to purge their marketing databases and personal data records out of fear of prosecution.
While the GDPR implements a new set of regulations, it mostly builds on the Data Protection Act of 1998, which businesses already had to comply with and provided they were working on this or working within the scope of this Act, has not required a great deal of change.
For businesses unfamiliar with Data Protection or bewildered by the volume of information concerning GDPR, Texaport offers a wide range of support, including GDPR consultancy.
Our standard process around Cyber Security is a 5 step process preceded by an informal chat with our Data Protection consultant.
Scope your business aginst GDPR
We first look at what personal information is handled within the company
GDPR Audit
We do a thorough analysis of the data's storage, access, and management so as to bring everything in line with the Government's standard.
Detailed GDPR Report
We break down area's for improvement and needed change in your current data management environment
Implement
We help you enforce these changes and offer protocols and steps to follow going forward
Review
We re-check our initial breakdown and confirm that all points have been completed satisfactorily
The GDPR Process
The General Data Protection Regulations concern Personally Identifiable Information, or PII, and the gathering, storage and use of this by businesses and public bodies. When considering liability for personal data, or vulnerability to prosecution, businesses first need to identify their processes, procedures and need for data. Texaport works with clients to complete detailed “Data Scoping” documents that help identify, locate and “map out” Personally Identifiable Information throughout the organisation. This data can take many forms and be scattered throughout the organisation, so that it will involve a cross-department approach to completion. Once data has been scoped throughout the organisation, Texaport can work with clients to ensure GDPR compliance with the regulations.
Much like a financial audit, where an auditor would investigate an organisation’s accounts, inventory and processes to ensure compliance and correctness, a Texaport audit will look into the organisation’s technical capacity in relation to GDPR compliance.
General Data Protection Regulation FAQ
The GDPR is a Law and set of rules which are intended to give individuals more control over their personally identifiable information. This includes your name, address, credit card number, date of birth, religion and more. Any company who stores and/or uses this information for marketing, payroll or any other purpose has to comply with these rules.
GDPR stands for General Data Protection Regulation
PII or Personally Identifiable Information is defined in the GDPR as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The maximum fine is €20 million or 4% of “worldwide turnover”, whichever is greater.
The scale of the fine depends on the extent and impact of the error or breach.
Unless you have taken on specialist help in data protection there is a good chance that you will not be compliant with the GDPR.
This is an important question you will be entitled to have an answer to from all of your suppliers. These storage locations will be subject to the same regulations as the companies who have requested or use your information.
The main implications of GDPR are policy, process and software based. Hardware will factor into this when newer, more secure, software has been released which the hardware cannot run. If that software patches vulnerabilities to your secure system or prevents the compromise of personal data your hardware could cost €20 million.
The full text of the GDPR can be found here.
Or contact us for more information.
How can we help?
Cybersecurity News
What is Penetration Testing?
As the Cybersecurity Industry grows, so will the terminology used within the industry. This blog aims to explain what Penetration Testing is, the different types…
Ransomware: A Beginning to 2023
Ransomware in 2022: Review At the end of 2022, the Cybersecurity company Emsisoft released a report revealing the high number of Government bodies, Universities,…
The Impact of Spam Emails on Businesses
Spam can have a negative impact on any organisation, from decreased productivity and resources to overwhelming employees with unwanted messages. To stay competitive, businesses must…
We can solve anything.
Managed IT Services
We focus on five key IT service areas to support our clients’ business needs:
We provide proactive monitoring, maintenance and IT support services for your organisation's entire IT system, saving you time, money and headaches.
We are a highly accredited managed service provider able to support all your IT security requirements. Find out how we can help your business.
We are cloud specialists. Our cloud services can significantly reduce the cost of managing and maintaining your IT systems whilst ensuring business continuity.
Getting your people connected is another of our key IT service offerings. We can put in place all your required connectivity requirements.
World-class IT guidance for the big decisions. From one-off consultancy to full-scale project design, management and delivery, we’re there whenever you need us.
