New EU legislation, the GDPR (General Data Protection Regulation), comes into effect on the 25th May 2018, and the countdown is on for businesses to be ready for when it goes live, or risk facing huge fines.
If you’re reading this article, you’ll know GDPR is the hot topic for discussion today for IT directors and compliance officers. Its introduction brings the biggest changes in the management and ownership of data seen in the last 20 years, with many debates over exactly what the new law will mean and how it will affect businesses.
What is clear is the significant change it brings to the relationships businesses have with their data processors, i.e. any third-party suppliers your business uses for its operations, who must now deliver a new level of security in how they capture, store, process and manage data on your behalf.
The EU's description of controller and processor in Article 4, below, offers further clarity on the definition of the role of the processor:
In short, a data controller specifies how and why personal data is processed, while a processor conducts the actual processing of the data. The controller will, therefore, be legally responsible for ensuring their processor abides by data protection law.
Processors include managed services providers, and a recent GDPR report by IT Europa provides useful guidance on how your business should start planning to work with them.
For example, new clauses to be factored into your contracts should include:
The onus is on you and your business to ensure your managed service partners have the right processes and systems in place to achieve the extra level of data security awareness required for GDPR compliancy, or are at the very least actively reviewing how to achieve them.
It is no small task for your business to track and audit every supplier and partner, and to ensure that none becomes a potential point of failure on the way to your business becoming GDPR compliant.
At the moment you put your trust in their professional services, but ‘trust with verification’ brings a new level of additional peace of mind for you.
Digital Craftsmen, a specialist managed cloud services provider, has attained the international ISO27001 certification, which means they have been independently audited for their security processes and systems, and are verified to be best in practice. This ‘trust with verification’ brings you one step closer towards successfully achieving GDPR compliancy, and securing your peace of mind.
If you’ve not started preparing for GDPR compliancy yet, we can recommend the following seven steps by the Cloud Industry Forum, which offer a good starting point: