Data Protection - GDPR

EnzoMC

Member
Messages
1,998
been taking breaks on here from reading pages about this

so first point is a massive well done to all those that are ready for GDPR (May 2018) and for those who are just starting maybe this thread will help us....

for those who don't know about GDPR and have a business that holds personal data - I would highly suggest you look into this as GDPR is a data protection law and has very high fines of £20m or 4% of turnover whichever is higher

personal data I understand also now includes public IP addresses and also business email addresses which was a surprise, one subject 'right to erasure' is one that has come up with no solution to backups - how do you remove personal data from months of backups? I'm not sure this will be enforced but currently understand as long as you have a procedure you may be OK


I started about a month ago and I know we have a few business / IT guys on here and want to see if you have any recommendations on security partners or guidelines for GDPR - I know there is no magic tick list as the gov. GDPR document depends on interpretation and I know this GDPR subject is massive. I'm pushing for this to be a business project but at the moment it's with me so any guidelines would help


info:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/644822/GDPR_document.pdf

https://www.eugdpr.org/

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/




Matt - hope this is OK to post, please delete if not
All - I ask very kindly please treat this thread as a helpful resource
 

hilts uk

Member
Messages
945
Also undertaking this task for my business. I honestly think 90% of businesses won't be ready in time. We are building a plan and investing in IT but the lead time is significant. Our compliance officer believes the main thing is to be able to demonstrate awareness and that you are moving in the right direction. I believe ICO (the regulator) will be understaffed to deal with enforcement so I would expect they will leave businesses alone for a period. Seems to be a massive burden on small businesses in particular.
 

EnzoMC

Member
Messages
1,998
yep totally agree that most should be OK if you show awareness and that you are working towards compliancy on GDPR however if you have a breach after May 2018 and the data was not protected then I think you will get roasted but as you said understaffed so how long before your breach expires
 
Guest 1678

Guest
Just about to start the process for my American organisation with a base in the UK.

It will be interesting as we work in the telecommunication sector and application IP address maps, phone no’s for testing etc can be used on our platforms. Even better we can deploy test systems on public cloud infrastructure. Feels like I have a lot of explaining to do.

I have my first interview with the lawyers next week!
 

EnzoMC

Member
Messages
1,998
this is the part I don't get, everyone on the globe needs to comply with GDPR if they store or use European data... GDPR is a good thing which should start to stop junk mail and random calls but who from the EU Gov is going to go to India or any other part of the world to fine them.


one part of GDPR that I read yesterday is you can no longer use live/real personal data for testing without permission from the person. well how would that person know if you used it, don't think they would but if you get a breach on a test system with live data - oh well game over....

make sure you have lots of coffee and good luck - let us know if you find out anything interesting on GDPR
 

conaero

Forum Owner
Messages
34,593
Well, this is going to be a headache for us as we store loads of data online. We are hitting it first week back in the New Year but it's going to be a right ball ache.

...and just imagine the PPI type companies that will be out there, why oh why oh why!
 

CatmanV2

Member
Messages
48,547
Guys this is exactly what my part of our company does. Or at least part of it as we are data storage specialists (I work on the IT / Operations side so have no sales interest other than at bonus time)

Can't promise to get you good deals, but I can certainly get you in touch with people who will know their **** on this.

Feel free to PM me for contact details etc

Cheers

C