Safe Harbour – Preparing for the New Data Protection Laws
With ever-evolving tech and more of our data going online by the day, it’s no secret that the law has struggled to keep up. There have been many developments in Data Protection laws recently, and although it sounds about as much fun as a hole in the head, in the wake of the Safe Harbour ruling and with tougher EU privacy rules (in the form of the draft Data Protection Regulation) expected to come into force in early 2017, it’s more important than ever that you know what all of it means for your data, and your customers’, and prepare accordingly.
The new bill will affect everyone collecting or storing data online or in the cloud so burying your head in the sand is no longer an option. The grace period for due-diligence ends Jan 16th 2016, so by then you must know where your data is, the laws that govern it, what you need to do to secure it, and the very real price you will pay if you don’t.
Data protection laws exist to strike a balance between your right as an individual to privacy and the ability of organisations to use data for the purposes of their business. The bill extends an obligation to ensure appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data to anyone who stores other people’s personal data.
When the changes come in, the bill and the new data protection laws are really going to start to have some teeth. The finer points are still being debated but a few of the big things it’s expected to include are much higher fines for non-compliance based on a percentage of turnover and more prescriptive rules around fair processing of personal data; more accountability and far more fines and enforcement by the Information Commissioner.
In order to comply with the current Data Protection Act, a data controller (people who determine how data is processed) must comply with the following eight principles:
There are many more in-depth requirements of data controllers and when processing data which you should investigate further independently, because you’d be reading this blog forever if I listed them all here.
One of the points above worth highlighting though is that as well as knowing where your data is at all times, you need to ensure that you’re securing your data effectively with ‘appropriate measures’ against attackers and data loss. For many businesses this will mean outsourcing your security to an accredited third party that can deal with everything from firewalls to penetration testing.
Financial – the most obvious and immediate issue is that you and your clients will probably lose money if you experience an attack. You’ll experience the joy of some hefty non-compliance fines, which are currently in the region of £500k, but the expectation is in future this will move to a percentage of your overall worldwide turnover.
Operational – the time it will take to get your business back on its feet and potentially moving your data. And lost time means lost revenue.
Reputation – potentially the worst in the long term, reputation is easy to lose and hard to get back.
Romax customers don’t have to worry about the concerns relating to Safe Harbour as we keep all our customer data in our on site server and backed up to a UK-based, IS27001 and PCI compliant UKFast data centre, so you can be assured more stringent UK laws govern the protection of your data.
Being IS27001 compliant and/or using UKFast who are ISO27001 compliant gives both customers and the Information Commissioner assurance that they have taken “appropriate technically and organisational measures” to protect data.
Romax clients aren’t affected by any of the Safe Harbour ruckus, but if the company that you host with doesn’t keep their data on British soil you could be; and no matter who you are the expected DP changes will affect you, so here’s what you need to know. Romax use UK Fast for our cloud back up and have an onsite server for secure data storage. Watch a Microsoft video report about our IT investment.
Source Content courtesy of UK FAST 27 Oct 2015 by Katherine Kelly.
Romax Marketing & Distribution, a Greenwich-London based company, provides a wide range of services in Direct Marketing for B2B and B2C, Direct Mail, Data Management, Printing, Discount Postage and Membership Communication Services and Consultancy. Contact us: email@example.com +44 (0) 20 8293 8550