On 25 May 2018 the new EU General Data Protection Regulation (GDPR) comes into force (this includes the United Kingdom regardless of its decision to leave the EU) and will impact each and every organisation that holds or processes personal data. It introduces new responsibilities, including the need to demonstrate compliance, more stringent enforcement and a significant increase in penalties compared to the current Data Protection Act (DPA) that it will supersede.
Simply put, individuals will now have greater say over how, why, where and when their personal data is gathered, processed and disposed of. Any organisation that works with EU residents’ personal data in any manner, irrespective of location, has obligations to protect the data.
If you hold and process personal information about clients, staff or suppliers, you are legally obliged to protect that information.
OES has always honoured our customers’ right to data privacy and protection. We have demonstrated our commitment by adhering to the current UK Data Protection policy, and now we are revising our own internal policies in order to meet the requirements of the GDPR.
OES is, and has always been, committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards, we will ensure that we will comply with applicable GDPR regulations when they take effect. This includes our role as a data processor, whilst also working closely with our customers and partners to meet contractual obligations for our procedures, products and services.
What we are doing to help our customers
OES is fully aware of our role in helping to provide the right tools, systems and processes to support our customers’ need to meet their GDPR mandate. We are also aware of where our responsibility starts and finishes and where it is more prudent to recommend or liaise with other professional services organisations to help our customers to meet the requirements of GDPR beyond the realms of IT.
As a data processor, OES understands our obligation to help customers get ready for 25th May and beyond. We have thoroughly analysed GDPR requirements and we have in place a number of systems, processes, products and services to assist your company to meet them.
What you can do to prepare for GDPR
We understand that meeting the GDPR requirements will take a lot of time and effort. As your IT partner, we want to offer as much help as you require to make the process as seamless as possible. If you are just getting started with GDPR compliance in your organisation, here is a quick to-do list to
keep in mind: