
What Will The Effect of GDPR Be On My Third Sector Organisation or Micro-Business?


The GDPR became enforceable on 25 May 2018 across Europe, and it is likely to have a significant impact on organisations of all sizes around the globe. In the UK the Information Commissioner's Office (ICO) is the country's Supervisory Authority.

Introduced to keep pace with the modern digital landscape, the GDPR is more extensive in scope and application than the previous Data Protection Act (DPA) 1998. The Regulation extends the data rights of individuals, requires organisations to develop clear policies and procedures to protect personal data, and requires them to adopt appropriate technical and organisational measures.

The Key Changes Introduced by the Regulation

The definition of personal data is broader, bringing more data into the regulated perimeter.
Personal data now expressly includes factors that could be used to identify an individual, such as their genetic, mental, economic, cultural or social identity. Organisations should take measures to reduce the amount of personal data they store, and ensure that they do not retain any information for longer than necessary.
Parental consent will be necessary for processing children's data in online services offered to children.
The rules for obtaining valid consent have been changed.
The appointment of a data protection officer (DPO) will be mandatory for certain organisations.
Mandatory data protection impact assessments (DPIAs) have been introduced for high-risk processing.
There are new requirements for data breach notification to the supervisory authority and, in some cases, to the affected individuals.
Data subjects have the right to be forgotten (the right to erasure).
There are new restrictions on international data transfers.
Data processors share responsibility with controllers for protecting personal data.
There are new requirements for data portability.
Processes must be built on the principle of privacy by design and by default.
The GDPR operates a 'one-stop shop': an organisation active in several EU member states deals with a single lead supervisory authority.

Penalties for Non-Compliance with the GDPR

On 5 April 2017 the Information Commissioner's Office (ICO) fined 11 major charities for data protection breaches, including Cancer Research UK, Macmillan Cancer Support and the NSPCC. These fines totalled £138,000, but under the GDPR, which became enforceable on 25 May 2018, fines for the same conduct could be significantly higher.

The ICO said that some of the charities had been fined because they had:

screened millions of donors so they could target them for additional funds, while others had traced and targeted new or lapsed donors by piecing together personal information obtained from other sources, and some had traded personal details with other charities, creating a large pool of donor data for sale.

The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million, whichever is greater. Fines of this scale could easily lead to insolvency.

However, the ICO has consistently stated that fines are its last resort and that it prefers to take a proportionate approach where possible. This is not a cue to treat the GDPR with corporate ignorance and apathy, however: that attitude is likely to be met with raised eyebrows at the ICO, and so to increase your chances of a monetary penalty.

Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2016 Data Breach Investigations Report reaffirms, “no locale, industry or organisation is bulletproof when it comes to the compromise of data”, so it is vital that all organisations are aware of their new obligations so that they can prepare accordingly.

IS Know How’s Partnership with IT Governance can help Charities, Social Enterprises and Micro-Businesses Comply with the EU GDPR.


Certified EU General Data Protection Regulation Foundation (GDPR) Training Course

Avoid heavy fines and loss of reputation resulting from data breaches. Learn from the experts how the EU General Data Protection Regulation (EU GDPR) will affect your organisation. Understand the implementation path to ensure EU GDPR compliance.

Certified EU General Data Protection Regulation Practitioner (GDPR) Training Course

Learn from the experts how to meet the requirements of the EU General Data Protection Regulation (GDPR). Gain practical understanding of the tools and methods for implementing and managing an effective compliance framework, and how to fulfil the role of data protection officer (DPO).

Certified EU General Data Protection Regulation (GDPR) Foundation and Practitioner Combination Course

This combined course covers both the Foundation and Practitioner syllabuses above: how the EU General Data Protection Regulation (GDPR) will affect your organisation, the implementation path to compliance, the tools and methods for implementing and managing an effective compliance framework, and how to fulfil the role of data protection officer (DPO).

Data Protection Impact Assessment (DPIA) Workshop

This one-day workshop is designed to provide delegates with the practical knowledge needed to perform a data protection impact assessment (DPIA) that will minimise privacy risks and comply with the UK Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR).

Compliance Tools:


EU GDPR Compliance Gap Assessment Tool

This EU GDPR Compliance Gap Assessment Tool has been created to help organisations kick-start their GDPR compliance project by assessing their current stance against the GDPR, helping them clearly establish areas for development, and plan and prioritise their project effectively.

EU General Data Protection Regulation (GDPR) Documentation Toolkit

Accelerate your GDPR compliance implementation project. The GDPR Documentation Toolkit delivers all the critical documents any organisation needs to ensure compliance with the new Regulation, including project documents covering data protection policy, DPO requirements, privacy impact assessments, incident response and breach reporting.

EU General Data Protection Regulation (GDPR) Data Flow Mapping Tool

Gain full visibility over the flow of personal data through your organisation to meet the terms of the EU General Data Protection Regulation (GDPR).

The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of what personal data your organisation processes and why, where it is held and how it is transferred. It is a cloud-based application, licensed for up to five users, and can be accessed from any compatible browser.

Information & Guidance:

EU GDPR – A Pocket Guide

Gain a clear understanding of the GDPR with this essential pocket guide, which explains the terms and definitions used within the Regulation in simple terms, the key requirements, and how to comply with the Regulation.

EU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide (Second Edition)

This must-have guide details what you need to do to comply with the GDPR. It explains the Regulation in terms you can understand, including the obligations of data controllers and processors, what to do about international data transfers, data subjects' rights and consent, and much more.

Consultancy Services:

GDPR Data Flow Audit

This is the essential first step in preparing for compliance with the EU General Data Protection Regulation (GDPR).

Receive a thorough audit of the personally identifiable information (PII) held in your organisation, together with a data flow map that identifies where your data resides. This will enable you to implement measures to reduce your risk of an information security breach, and to meet the GDPR's requirement to know what personal data you hold and why.

GDPR Gap Analysis

The GDPR gap analysis service provides an assessment of your organisation's current level of compliance with the Regulation, and helps identify and prioritise the key work areas that your organisation must address now that the GDPR is enforceable (since 25 May 2018).

What Next?

We have extracted various aspects of the Information Commissioner's Office EU GDPR guidance. Do make use of it to increase your knowledge of this critical matter and of the direction your organisation is likely required to take.

You may also be interested in the statistics that IS Know How has extrapolated from the ICO's quarterly Data Security Incident Trends, specifically for the 'Charitable & Voluntary' sector. The ICO publishes these for "Data security incidents (breaches of the seventh data protection principle and personal data breaches reported under the Privacy and Electronic Communications Regulations)".

Disclaimer:

IS Know How is in no way affiliated with or working on behalf of the Information Commissioner's Office. ISKH is simply putting forward the importance of compliance to our target audience(s), and supporting the ICO's drive to show that Data Protection Act compliance has a positive impact on a business's or organisation's cyber / data security posture. Any externally linked ICO content on the ISKH website, including PDF documents or video media, is offered for information purposes only, as is.

HOW TO GET STARTED

We have taken great care to construct the ISKH services and their subscription plans to be as straightforward as possible, whilst furnishing both parties with all relevant information. See how easy it is to begin mitigating today with Sentinel5.

1. Select Requirement: select your chosen item from the listings above.

2. Follow Prompts: follow the on-screen prompts to complete your sign-up.

3. Login & Choose: log in to the IT Governance website and choose your preferred GDPR-related service.

4. Purchase & Complete: purchase and complete your chosen service(s).

5. Download & Begin: download your chosen IT Governance service documents / software to begin mitigating right away.

DO MORE...

Get A Quote

Please complete and submit this 100% no-obligation 'Request a Quote' form, to the best of your or your organisation's ability, so that we can further assist you where needed.

Request FREE 30 Day Trial

Sign up now and enable your Third Sector Organisation for a 100% no-obligation 30-day FREE trial, to see the true benefits of IS Know How's affordable and proactive 'Managed Cyber Resilience Service' or 'Sentinel5'.

Speak To An Expert

Not sure what you are looking for? Unsure how IS Know How's services will benefit your organisation?

If you would like trusted advice from someone who can explain data and cyber security mitigation in understandable terms, please call us on 02921-679-021.

Get Support

Need to contact us but are short of time, or require support for IS Know How services? If so, submit a new ticket, or reply to an existing one, on our HelpDesk system here.


Proud Members Of:

IS Know How is a Proud Member of Cyber Exchange
IS Know How is a Proud Core Member of CyberWales & South Wales Cyber Security Cluster
