24.05.2018
News
GDPR and Cyber Protection Seminar

With GDPR firmly in everyone’s sights, we ran a seminar at the Oxford Belfry Hotel for our clients and business contacts.

Presenting were Will Richmond Coggan from Pitmans Law and Stephen Ridley from Hiscox Insurance. They covered the new law, its impact on businesses and cyber protection.

What did we learn?

At the centre of GDPR is a new set of rules designed to give EU citizens more control over their personal data. Fundamentally, almost every aspect of someone’s life revolves around data. The new law seeks to bring more transparency to people about what businesses collect about them and what organisations use it for, as well as enabling people to prevent unnecessary data collection.

GDPR compliance means that not only will organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect it and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners – or face the fines for not doing so.

Data breaches will inevitably happen. Information gets lost, stolen or hacked, and can be released into the hands of people who were never intended to see it, often people who may have malicious intent.

GDPR breach notification

Once the new law comes into force, it will introduce a duty for all organisations to report certain types of data breaches, those which involve unauthorised access to, or loss of, personal data, to the relevant authority.

So if name, address, date of birth, bank details, or any private or personal data about customers is breached, the organisation is obliged to tell those affected as well as the relevant regulatory body.

When does an organisation need to make a notification about a breach?

The breach must be reported to the relevant supervisory body within 72 hours of the organisation first becoming aware of it.

Can you just ignore it?  

No, it won't go away. GDPR might seem complex, but the reality is that it is consolidating principles which already form part of the current UK Data Protection Act. The breach notification and ensuring someone is responsible for data protection are part of the key changes. These areas must be addressed or you could run the risk of a fine.

There is no 'one size fits all' approach. Each business needs to examine exactly what needs to be achieved to comply, and who the data controller is who has taken responsibility for ensuring it happens.

To find out more about how you can protect your business, click here to read our helpful cyber and data insurance fact sheet.

We also sent our guests a handy proposal form. Click here to download it. The more yeses you have when you complete it, the more compliant you are. The more noes you get, the more work you may need to do.

If you would like to know more or simply want to sit down and discuss it, why not give us a call on 01494 450 450, or send us an email at insure@jbennett.co.uk, and we'll get straight back to you.