Before GDPR, data protection was a fairly simple exercise: keep the systems secure, limit access to those who need it, encrypt where possible, and don't keep data indefinitely.
After GDPR it is a minefield, and a significant number of companies are still not fully compliant. Becoming compliant isn't hard; understanding exactly what the path to compliance looks like is. At GEN we have lived the GDPR journey since it came into force in 2018, and as a 'data processor' we must of course be fully compliant ourselves.
To complicate matters, the UK has several live pieces of data protection legislation, many of which overlap or contradict one another. The UK seems content to pump out digital legislation at a rate that takes no account of existing law or the complexity of operating under it. The most recent, the Online Safety Act 2023, is a prime example of legislation authored by politicians with no understanding of how technology works; much of it is as close to nonsense as you can get without it being satire, yet the police will not delay in trying to enforce the offences it creates.
Navigating this minefield of legislation is undoubtedly a challenge, but technology can greatly simplify compliance and take much of the manual work out of the equation.
The biggest issue with GDPR is that it was written by lawyers and politicians, not business owners. The language is terrible, it is often contradictory, and its meaning is frequently unclear. That said, once you have worked with it for a while it becomes much easier to implement and comply with. Our consultants are experienced in GDPR and data protection as a whole and can quickly identify any areas of non-compliance and suggest solutions. Please consider reading our blog post about GDPR and Cloud Hosting.
If you store personal data (the regulation's term for any information relating to an identifiable living individual), you MUST take appropriate technical and organisational measures to protect it. From a systems point of view that means encrypting data at rest and in transit, limiting access to those who need it, and ensuring your computer systems are secure from outside threats. A data breach, no matter how small, can be a business-ending event, and a breach that puts individuals at risk must be reported to the ICO within 72 hours of your becoming aware of it. GEN can provide a full complement of security analysis and penetration testing services to close any weaknesses in physical or network security. We can also provide user training and regular user testing to ensure that your staff take security seriously.
There is no requirement in the UK to be audited for GDPR compliance, but some companies find that an audit of their processes makes sense alongside other standards they already work to, such as ISO 9001, ISO/IEC 27001 or PCI DSS. We are more than happy to audit your processes and highlight any weaknesses or areas for improvement.
GDPR gives the general public far-reaching rights over their data: to request a copy of it (a subject access request), to have it corrected, to have it erased, to withdraw consent where consent was the basis for processing, and more. You must act on these requests when they are made, normally within one month, and the penalties for failing to do so can be severe. We have a series of software systems that let people 'self-serve' these functions, integrating easily with your existing systems and processes.