Compliance is costly, only if you don’t have it!
According to new research, more than half of British businesses, organisations and the public sector have little or no understanding of the General Data Protection Regulation (GDPR), which comes into effect in May 2018.
GDPR will require organisations across the UK and the EU, including the NHS, to take extra steps to protect customer data and be more transparent about how it is used. It has been described as the Data Protection Act on steroids.
Research shows that 54pc of British businesses admit to having little or no understanding of the financial consequences of not complying with GDPR.
Those who fall foul of the regulation can face fines of up to €20m (£18m) or 4pc of annual revenue, whichever is greater, in the event of a data breach.
Businesses will seriously regret not being prepared, and there is no ‘opt out’ for GDPR: we are all in.
Businesses will have to demonstrate that they are looking after customer data, that the information held is appropriate to the business, that clients have given permission for the business to hold this information, and that the client has a right to be forgotten.
This needs to be underpinned by the recruitment of a Data Protection Officer.
It is then vitally important when disposing of hardware that the data is destroyed safely and securely, preferably on your own premises.
Concept Management are GDPR ready, can provide help and assistance, are ISO27001 and can demonstrate a fantastic track record in the disposal of redundant IT and data.
For specific advice on NHS requirements, see the NHS Digital page on GDPR and its impact on NHS organisations.