The EU General Data Protection Regulation (GDPR) is due to come into force in May 2018 and is set to replace elements of the current Data Protection Act 1998. This regulation will create new legal obligations which will have a significant impact upon the way in which organisations handle personal data.
Whilst Premex Group companies will communicate regularly with suppliers and customers, we recommend that all companies use the ‘What’s New’ section of the ICO’s GDPR website for regular updates.
How is my organisation affected?
The UK government has confirmed that the UK’s decision to leave the EU will not affect the introduction of the GDPR. All companies operating in the UK which process personal data will therefore be in scope for complying with the regulation.
Unlike the Data Protection Act, the controls under the GDPR will have an impact on both ‘controllers’ and ‘processors’ of personal data.
The GDPR will introduce new rights for individuals, such as the Right to be Forgotten and the Right to Data Portability. These rights will need to be integrated into the operational controls administered by data processors and controllers.
The regulation will also introduce mandatory breach reporting to the ICO and to the Data Subject. Fines for breaches of the GDPR will also be considerable.
The Premex approach to information security
In 2014, the ExamWorks family of companies in the UK embarked on a project to re-engineer its businesses, so that data security became a fundamental part of every process. We chose to pursue the internationally recognised ISO 27001 certification to demonstrate our commitment to information security and continue to set the standard in our industry as the market leaders.
In 2016 we achieved certification against the ISO 27001 standard across our sites at Bolton and Durham, providing customers with complete assurance of our commitment to protect all data.