I have had many conversations about the negative implications of GDPR the “Stick”, but what about the positive implications the “Carrot”.
I felt after all the FUD that has been thrown around recently, it was time to extol the virtues of becoming compliant and the inherent benefits this brings.
Yesterday a major security flaw was discovered in macOS High Sierra.
Update 30/11 : This has now been patched by Apple. A support page for the patch, Security Update 2017--001 details Apple's response. The update is reported to cause issues with file sharing Apple has released an additional fix for that also.
What do you Creative Agencies need to know for GDPR?
From the 25th May 2018 the General Data Protection Regulation will come into force across all the EU member states, currently 28 as follows:
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
Clearly the UK will still be a member and therefore affected in the same way by this EU law that replaces the Data Protection Act which has been around for 20 years, but now the regulation comes with the full power of the EU courts making it a legal requirement for all companies to adhere to the regulations, or face some heavy fines up to €20 million or 4% of a company’s global annual income (whichever is the larger amount).
Even after the UK officially exists the EU the same legislation will largely apply on the basis that many companies are still trading or performing some function in Europe and therefore still liable based on this regulation, and this has been confirmed as extending out globally to any company in any country processing European citizen data.
We have heard a lot of cynical views around GDPR, especially the comment “it will never happen to me”. Well, we thought it might be worth reminding you who might blow the whistle on you to the ICO.
EU Citizens – Any EU citizen that believes they have not given you permission or had notification is at liberty to do this.
On Thursday 2nd November 2017 we hosted our first 'GDPR Breakfast Briefing' event, inside our office in Bromsgrove. Our Breakfast briefings are simply a training and development event scheduled for the morning period.
"I'm more confident in what I need to do next"
GDPR if you don't already know stands for 'General Data Protection Regulation', which is going to supersede the current 'Data Protection Act 1998. GDPR been a regulation since May 2016 but will start to be enforced from the 25th May 2018.
The event was led by our consultant Steve McGowan, who has been studying the subject heavily since it's announcement.
Today we've been up to some mischief, each of our employees has donated £5 each to see Mark (the boss!) dress up in a costume of our choice! So you know we had to pick him out something good aha.
Youll be happy to know we've jam-packed his calendar today just so he can show off his lovely new get-up to the outside world! On top of Mark's new makeover, the lovely Kate Jones has baked us some terrifyingly delicious cakes.
GDPR becomes enforceable from the 25th May 2018, that's a fact. However, after discussing the topic with both end users and channel partners we've received an interesting range of responses about the forthcoming legislation. So we thought based on the feedback received, it would be useful to share these Myth’s versus Fact’s as follows:
Myth 1: The regulators want to see you fail
Fact: One of the aims for breach notification laws such as GDPR is to push companies to step up their ability to detect breaches and to mitigate the negative impacts effectively.
Our 'Consulting Partner', Karl Fontanari had the opportunity of discussing the General Data Protection Regulation (GDPR), based on 10 questions, with Professor Jacqui Taylor, who is an acknowledged expert lead for the British Standards Institute (BSI).
1.Why do you think so few companies have started to prepare?
JT - Number of factors such as this is regulation rather than legislation and is not aligned to a particular sector and therefore has no specific vertical relevance, such as Finance, Health, Etc.
Adhering to annual protocol we have re-assed our own security; and we are proud to announce that we continue to be IASME, Cyber Essentials and cyber essentials + certified. This achievement further demonstrates our commitment to cyber security, further reinforcing our commitment we have to our clients.
For those wondering the differences between the current 'data protection act' (DPA) and the newest about to be implemented being 'GDPR'. We thought this table may be of benefit to you.
DPA(Data Protection Act 1998)
GDPR (General Data Protection Regulation)
The Data Protection Act was developed to give protection and lay down rules about how data about people can be used.
