
Data Protection

Introduction

The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy for individuals in the European Union and the EEA, with the aim of giving individuals control over their personal data. The regulation supersedes the earlier data protection laws of the member states and, in the UK, is supplemented by the Data Protection Act 2018.

Organisations that determine why and how personal data is processed (controllers), and those that process it on their behalf (processors), must put appropriate technical and organisational measures in place to implement the data protection principles. Personal data may only be processed under one of the lawful bases specified by the regulation. Consent from the data subject is one such basis, and the data subject has the right to withdraw that consent at any time.
A controller must tell data subjects what personal data it collects, declare the lawful basis and purpose for processing, state how long the data is retained and whether it is shared with any third parties.

Public authorities, and organisations whose core activities involve regular and systematic monitoring of individuals on a large scale or large-scale processing of special category data, are required to appoint a data protection officer (DPO), who is responsible for managing compliance with the GDPR. A personal data breach must be reported to the Information Commissioner's Office (ICO) within 72 hours of the organisation becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals affected.

How we can help you.

Our security architects are on hand to help you with any data protection issues, with expert advice and guidance.


  • Policies/Procedures

    We can advise you and review your data protection procedures and policies.
  • Risk Assessments

    We can perform data protection impact assessments to analyse the risks.
  • Training

    We can offer training to your staff on data protection issues and elements of GDPR.
  • Consultancy

    Our consultants are experts in their field and are on hand to help you throughout the process.

Services

Jovasi Technology can help your organisation with any data protection issue (including GDPR and the DPA 2018) and with complying with data protection regulations. If your organisation requires formal recognition of its GDPR compliance, we are able to offer IASME certification, which includes GDPR at its core. Our IASME assessors are certified GDPR assessors who have assessed GDPR compliance for several major companies and local government bodies.

Consultancy

  • Onsite or remote consultancy.
  • Telephone & e-mail support.

From £900 +VAT


Consultancy & Training

  • Onsite or remote consultancy.
  • Onsite training.
  • Telephone & e-mail support.

From £1,550 +VAT


All Data Protection advisors are CISSP qualified and are certified through IASME.

Additional Services

Jovasi Technology also offers a Virtual DPO service, under which we support you with all of your data protection requirements, and a GDPR certification service.

Frequently Asked Questions

  • When did GDPR come into effect? The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation took effect after a two-year transition period and, unlike a Directive, did not require any legislation to be passed by national governments. GDPR came into force on 25th May 2018.
  • Who does the GDPR affect? The GDPR applies not only to organisations located within the EU but also to organisations located outside the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.
  • What are the penalties for non-compliance? Organisations can be fined up to 4% of annual global turnover or €20 million, whichever is higher. This is the maximum fine that can be imposed for the most serious infringements, e.g. processing personal data without a valid lawful basis or consent, or infringing data subjects' rights. There is a tiered approach to fines: for lesser infringements, e.g. not keeping records of processing activities in order (Article 30), not notifying the supervisory authority and data subjects of a breach, or not conducting a required impact assessment, the maximum is 2% of annual global turnover or €10 million, whichever is higher. It is important to note that these rules apply to both controllers and processors, meaning cloud providers are not exempt from GDPR enforcement.
  • What constitutes personal data? The GDPR applies to 'personal data', meaning any information relating to an identified or identifiable natural person, i.e. someone who can be identified directly or indirectly, in particular by reference to an identifier. This definition allows a wide range of identifiers to constitute personal data, including a name, an identification number, location data or an online identifier, reflecting changes in technology and in the way organisations collect information about people.
  • What is the difference between a data processor and a data controller? A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while a processor is an entity that processes personal data on behalf of the controller.
  • Do I need a DPO? There are three main points to consider: is your organisation a public authority or body; do its core activities involve regular and systematic monitoring of individuals on a large scale; and do its core activities involve large-scale processing of special category data or data relating to criminal convictions and offences? If the answer to any of these is yes, a DPO is required.


Contact Us

You can telephone us on +44 (0)330 043 2575, or use the Contact Us button on this page.