The IT Reseller guide to GDPR
Monday, September 11, 2017
What is GDPR and why is it important? Our guide will help all resellers make sure they implement the changes they need to before 25th May, 2018.
What is GDPR?
The EU General Data Protection Regulation (GDPR) comes into force on 25th May, 2018. Any UK organisation that processes any personal data from anyone in the EU will have to comply. That includes anyone with an e-database or any storage of information on clients or consumers. The new legislation is about updating the old Data Protection Act so that it keeps pace with modern digital developments. It’s about protecting personal data and making sure organisations put measures in place to keep data safe.
What changes does GDPR make to current legislation?
The major changes reflect the exchange of personal data across borders and the need for consent and compliance. It affects businesses not in the EU (i.e. whatever happens to the UK and the EU post-Brexit, any UK business that operates in the EU will have to comply). More data is incorporated under the definition of personal data; it’s about how an individual can be identified, whether through an economic, cultural or social identity. It’s about the identifiable information stored, and how long necessary information is stored. There needs to be clear consent and a clear breadcrumb trail too. Some companies will need to appoint a Data Protection Officer. There are also new requirements for data breach notifications, though the full changes are listed here.
How does a business become compliant?
As the changes affect almost all of the UK business community, many of the major cloud and tech companies that sell products used by IT resellers are providing guides and advice to make compliance easier. Microsoft is investing in added features and functionality so that its products and services will help companies meet GDPR requirements.
For example, one of the key requirements for GDPR is being able to identify what data you have stored and who has access to it. Azure will help companies to manage identities, particularly who has access and how to implement controls to manage that access. Azure Active Directory (AD) establishes authorised users while Azure Information Protection makes data identifiable and secure, however it’s stored or shared. More information can be found on AD in our previous article.
Office and Office 365 can also help to manage access to personal data. Identifying sensitive data types, like identifiable information, can help companies become GDPR compliant. It can also protect data and prevent loss. Companies will need to establish and define policies for data use, managing the life cycle of data. Customer Lockbox, eDiscovery and Advanced eDiscovery will make it easier to find metadata and to meet compliance obligations and manage access.
For IT resellers, GDPR will define a significant shift in how data is stored, managed and used. It’ll be important to be compliant, both to manage one’s own customer data and for resellers to advise their own clients. As with any task, the earlier you start the easier it is to complete. Advising clients as soon as possible about how to ensure they are GDPR compliant, and suggesting the right products and services to make the transition as simple as possible, will be vital.
In the run-up to GDPR’s arrival, Giacom will deliver a series of informative blog posts on what you can do to help your clients and your business, and on the process of how we will deliver GDPR compliance too.