If you’re wondering if GDPR (General Data Protection Regulation) applies to your business, read on. Here’s why you need to take notice of the rules of the GDPR, and how to comply with Article 5.
GDPR and UK law
The GDPR is an EU regulation but is also now part of UK data protection law – now known as the UK GDPR.
The UK GDPR and DPA 2018
The UK GDPR sits alongside the Data Protection Act 2018 and was incorporated into UK law at the end of 2020.
In practice, the UK GDPR means you should not be handling the personal data of EU or UK citizens unless you can comply with Article 5, which requires supported, compliant systems that provide ‘appropriate security’.
What is Article 5?
Article 5 of the GDPR requires that personal data be:
‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures’.
Don’t fall foul of the risks
The key phrase of Article 5 is ‘appropriate security of the personal data’.
This means that the systems holding personal data must be secured and protected against threats, loss and corruption. As a quick rundown, if any of the following apply to your business, you risk non-compliance with the GDPR:
- Your IT security could be better
If server locations and mergers are ad hoc and you have no idea whether software updates are being applied, there could be holes in your security that need fixing.
- No password policy
If staff use memorable (and therefore easily guessed) passwords, or have kept the same one for many years, these are vulnerabilities that cyberattacks exploit.
- A low level of cybersecurity
Are you protected against cyberthreats, ransomware attacks and phishing? Do your staff know how to spot a fake email? If any of the answers are ‘no’ or ‘don’t know’, you are vulnerable.
- Inadequate backup
How quickly could you restore operations after a disaster? Robust backup procedures and disaster recovery plans mean that both your data and your ability to function remain secure.
- You’re still running Windows 7
If so, you are running an operating system that no longer receives security updates: it is completely unsupported and unsafe for handling personal data.
If your IT is supported, the chances are your GDPR compliance is in good shape
Managed IT support takes care of all the security issues and non-compliances listed above, with the effect that your GDPR compliance and your duty of security towards personal data are taken care of. Not to mention the other benefits that security, backup and ease of operation will bring to your business.