PILLAR 2 | SECURITY AND COMPLIANCE NEW UK-GDPR LAW AFTER BREXIT  

The new UK-GDPR (General Data Protection Regulation) and amended Data Protection Act 2018 that took effect on December 31st 2020 affect how you, as a business, handle personal information. 

GDPR post BREXIT 

The EU GDPR is an EU Regulation and it no longer applies to the UK. However, if you operate inside the UK, you will need to comply with UK data protection law. The GDPR has been incorporated into UK data protection law as the UK GDPR – so in practice there is little change to the core data protection principles, rights and obligations found in the UK GDPR. 
 
The EU GDPR may also still apply directly to you if you operate in Europe, offer goods or services to individuals in Europe, or monitor the behaviour of individuals in Europe. 
 
The EU GDPR will still apply to any organisations in Europe who send you data, so you may need to help them decide how to transfer personal data to the UK in line with the UK GDPR, if the trade deal bridge ends without adequacy. 

What is the UK data protection law now the Brexit transition period has ended? 

The Data Protection Act 2018 (DPA 2018) continues to apply. The provisions of the EU GDPR were incorporated directly into UK law at the end of the transition period. The UK GDPR sits alongside the DPA 2018 with some technical amendments so that it works in a UK-only context. 

GDPR Compliance Project  

Every business is unique; however, the strategies to achieve compliance are comparable. Our GDPR teams will work with your company to ensure that you are on a clear path to achieve and maintain GDPR compliance during your implementation project phase. 
 

Initiate 

Initiation Workshop 
Use-case Identification 
Establish a GDPR Champion Network 
Stakeholder Comms 
Data Discovery & Analysis & Mapping 
GDPR Process Analysis 
GDPR Gap Analysis 

Implement 

Corporate Comms 
GDPR Process Implementation 
Full Project Delivery 
Resource Management 
Data Mapping & Rationalization 
Compliance Acceptance Criteria 
Setup Support process 

Support 

GDPR Governance Support 
Quarterly Compliance Audits 
Ongoing ICO Liaison 
Ongoing GDPR Focused Comms 
DPIA Review & Approvals 
Data Centric Change Project Reviews 
GDPR Toolset Management 

Do I need a Data Protection Officer? 

Under the GDPR, you must appoint a data protection officer (DPO) if you: 
 
are a public authority (except for courts acting in their judicial capacity); 
carry out large scale systematic monitoring of individuals (for example, online behavior tracking), or 
carry out large scale processing of special categories of data or data relating to criminal convictions and offences. 
 
You may appoint a single data protection officer to act for a group of companies or for a group of public authorities, taking into account their structure and size. 
 
Any organisation is able to appoint a DPO. Regardless of whether the GDPR obliges you to appoint a DPO, you must ensure that your organisation has sufficient staff and skills to discharge your obligations under the GDPR. 

The Data Protection Officer’s (DPO’s) minimum tasks: 

To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws. 
To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments, training staff and conducting internal audits. 
To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers, etc). 

GDPR DPOaaS 

We work in partnership with our clients to provide fully managed GDPR Data Protection Officer services. Our collaborative data protection officer as a service approach is there for when you need GDPR Data Protection Officer resources but cannot expand or reallocate your team. 
 
• Fully comply with GDPR legislation 
 
• GDPR Data Protection Officer 
 
• Integration with your team 
 
• Monthly cost to give you control of your budgets 
 
• Anonymized requests and questions to the ICO 

Cyber Security 

The new normal has stretched security to its limits; our approach will put you back in control of your People, Processes and Technology. 

Keeping your data safe 

At Change we work with best-in-breed vendors to protect your business from cyber attacks. Should the worst happen, we will ensure you are up and running with the ability to see all affected systems and data subjects. With more users being remote and the device landscape being ever changing, it is more important than ever to have a robust security process. 
 
Cyber threats are no longer just individuals trying to make a name for themselves; they are now multi-billion-pound international organisations available for hire, and they can cause irreparable brand damage by exploiting the smallest error in your security. 
 
A successful cybersecurity approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe. In an organisation, the people, processes, and technology must all complement one another to create an effective defence from cyber-attacks. 

People 

Users must understand and comply with basic data security principles like choosing strong passwords, being wary of attachments in email, and backing up data. 

Processes 

Organisations must have a framework for how they deal with both attempted and successful cyber attacks. When your organisation has suffered an attack you need to not only be aware of the attack but also be able to deal with and document what has happened. The negative press from an attack can be catastrophic if you cannot show how you have protected your customer data and supported affected users. 

Technology 

Technology is essential to giving organisations and individuals the computer security tools needed to protect themselves from cyber attacks. Three main entities must be protected: endpoint devices like computers, smart devices, and routers; networks; and the cloud. Common technology used to protect these entities includes next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions. 

Why is cybersecurity important? 

In today’s connected world, everyone benefits from advanced cyber defence programs. At an individual level, a cybersecurity attack can result in everything from identity theft, to extortion attempts, to the loss of important data like family photos. Everyone relies on critical infrastructure like power plants, hospitals, and financial service companies. Securing these and other organisations is essential to keeping our society functioning. 
 
Everyone also benefits from the work of cyberthreat researchers. At Change we have partnered with best-of-breed security partners with resources of 3,500 security experts operating in 88 countries worldwide, a world-acclaimed research and intelligence unit, and the broadest ecosystem of business and technology partners, with a current client base of over 100,000 organizations of all sizes across all industry verticals in 88 countries, to allow better experiences in a safer digital world. 
