- GDPR is drafted to verify that if a company collects any private data, it is fully stored and protected.
- National Cyber Security Strategy launched the Cyber Essentials (a government-backed scheme), thus making the UK a secure place to carry out online business.
- When enforcement of GDPR occurs, it requires both technological and organisational measures for the protection of personal data.
- When Cyber Essentials comes into force, it certifies and promotes primary levels of technical security against cyber-attacks.
- Data processor and controller commands the GDPR.
- Cyber Essentials consists of five technical controls; access control, secure configuration, Internet gateways and boundary firewalls, patch management and malware protection.
- Under GDPR, if there is data infraction by which any sort of damage can occur to the personal data, a firm would consider their entire customer base.
- Cyber Essentials protects a consortium for its exemption from any Internet-threat.
Insecurity and Risk Management:
- With GDPR, a vital component of maintaining and achieving conformity is an effective risk management strategy that includes; updating and checking procedures along with record accuracy, and observing processes of compliance at regular intervals.
- With Cyber Essentials, the focus is mainly on technical prudence rather than a risk management approach.
- GDPR intends to rectify change in corporate culture. It involves every single person liable for data maintenance and security to be aware of all the possible threats that organizations can encounter.
- Cyber Essentials is primarily a technical solution, structured to protect a company against and hacking and phishing by cyber racketeers.
Mandatory or not?
- There are no direct penalties for firms which are not using Cyber Essentials if they ensure the integrity of personal data and there is no absolute harm to their safety. However, companies who work with government bodies including the Defense Ministry must hold Cyber Essentials certification.
- Conversely, GDPR is obligatory. It is imperative for a firm dealing with personal data to take definite measures to concur with the regulation.
Role of ICO to GDPR:
The ICO (Information Commissioner’s Office) is the unconstrained and independent authoritative office managing information rights in the public’s interest. The organization extends over the following acts and regulations:
- Privacy and Electronic Communications Regulations
- Data Protection Act
- INSPIRE Regulations
- Freedom of Information Act
- The re-use of Public Sector Information Regulations
- Environmental Information Regulations
Tasks Performed by ICO:
According to the Data Protection Act 1998, all organizations that possess and handle personal information must register with the ICO. It monitors the organization performance and notices the type of processing. Furthermore, it is also responsible for publishing the name and addresses of the data controllers.
If any company violates the laws and doesn’t cooperate with ICO, it issues the penalties to that firm. European Union’s objective for GDPR is to certify the data protection, and that’s what ICO makes sure by providing the guidelines to the companies to comply with the ordinance of GDPR. And as a result of the infringement, ICO is responsible for charging heavily.
More on this topic: GDPR in a Nutshell: Resources to Get You Prepared