Welsh cyber-security specialists, Capital Network Solutions, are urging Welsh businesses to familiarise themselves with the upcoming General Data Protection Regulation (GDPR), which will come into place in May 2018.
The GDPR requires any business which works with information relating to EU citizens to abide by a set of strict privacy and data protection requirements. The new regulation will apply to every business across Wales.
The two central aims of GDPR are to give citizens more control over how their personal data is stored and used by businesses and to simplify the regulatory environment for international business by unifying the regulation.
Businesses with over 250 employees must employ a Data Protection Officer (DPO), while breaches in data security are also required to be reported to data protection authorities such as the Information Commissioner’s Office (ICO) in the UK, within 72 hours.
Welsh businesses may also enhance their encryption and data protection procedures, including such steps as implementing enhanced access controls and undertaking privacy impact assessments to minimise risks of data breaches.
The GDPR will also make it forbidden to hold data longer than necessary or alter the purpose for which the data has been collected and consented for use. All these steps will give customers greater control of how their data is stored, especially in the context of cloud storage services.
Mark Edwards, Managing Director of CNS, said: “Data security is extremely important in efforts to keep Welsh businesses and customer data safe from cyber threats. As these threats evolve and become more sophisticated, new regulations will be vital to combat this issue and we welcome the introduction of GDPR. Welsh Businesses need to ensure that they comply and play their part in keeping customer data safe and secure.”
Capital Network Solutions offers consultancy on becoming GDPR compliant, and can help implement standards such as IASME which now includes an assessment against the key controls of GDPR.
CNS has recently established itself as one of the biggest Cyber Essentials certification bodies in the UK after certifying its 750th customer last month.
More detailed GDPR information can be found here
