GDPR, data, protection, security, cyber security, customer data, flaw


Guide to General Data Protection Regulation (GDPR)

GDPR may already be set in law, but it is not due to go live until 25th May 2018. Therefore, it is likely to be an evolving subject, and this guide is simply meant as just that – a guide, looking at the new regulations from the perspective of December 2017, before the law has actually been implemented. This guide is not definitive, but rather an educated perspective based on a collection of information from multiple sources about what is known about GDPR at the time of writing.

What Is GDPR?

The General Data Protection Regulation will come into force on 25th May 2018 and is a regulation designed to set the guidelines going forward for the collection and processing of personal identity information by companies and organisations.

This new regulation replaces the 1995 EU Data Protection Directive, and will be part of EU privacy and human rights law. Under the previous directive, data laws were implemented individually in each country and were not consistent across the EU. The new regulation should bring greater consistency and harmony by bringing all data protection elements under one law for all countries.

The regulation from the EU consists of 99 articles under the guidance of 6 privacy principles, and covers data that is produced by an EU citizen, whether or not the company processing that data is located within the EU and it covers people who have stored data within the EU, whether or not they are EU citizens.

The UK was very involved in the drafting of the regulation, which was designed to make companies take the issue of data protection more seriously and to strengthen the rights that EU citizens have over their data.

The Focus

The focus of the regulation is on ensuring that businesses are transparent and protect individual privacy rights, i.e. data will be viewed more as the property (and under the control of) the individual or user rather than the business or provider.

Who Does It Apply To?

The regulation applies to all UK, EU and worldwide companies and organisations that store, process and use the data of EU citizens, including people living in the UK. It also applies to people from countries outside the EU who are currently working, staying or on holiday in the EU and UK.

What Data Does It Apply To?

The kind of data covered includes data stored on / in / at:

Paper filing systems and paper in filing cabinets and storage

Computer filing systems and databases

Mobile devices, and mobile storage devices e.g. USB sticks and external zip drives

PC and laptop hard drives

3rd party outsourcing companies e.g. accounts, payroll, telesales / marketing, cloud providers

GDPR covers organisations / groups that previously didn’t have to register under the Data Protection Act e.g. charities, sports clubs, and any group that holds personal information e.g. names, addresses, email addresses, telephone numbers, and even stored facial recognition images.

Also, one important difference is that companies will no longer need to register with the ICO, no longer need to pay a fee to them, and no longer need to disclose to them what information they intend to store about data subjects (customers and others).

A Wider Scope of ‘Personal Data

The regulation will also cover a much wider area in terms of what counts as personal data.

Under the new Regulation, any data that could identify an individual such as genetic, mental, cultural, economic or social information will count as personal data.


Globalnet has provided system support and integration works for Premier Workplace Services, now part of Crown Workspace, for the past 3 years.

The team provides excellent online and phone support as well as direct desktop support to our users. Recently they have been involved in our migration of services to our parent company’s systems.

Phil Oram, Regional Director UK, Crown Workspace
IT reoport, Essex, London, southend

DPIA – Data Protection Impact Assessments

Data Protection Impact Assessments are a mandatory way of identifying, assessing and mitigating or minimising privacy risks.

Read more
gdpr, privacy, data protection, Essex, London, southend

GDPR – The six privacy principles

There are six principles which give companies a broad, top level overview of which areas are covered by the new regulation.

Read more
cyber security, personal, data, protection, Essex, London, southend

GDPR – Data subjects’ rights

GDPR lists a range of customers’ or data subjects’ rights that must be adhered to. If you hold data on anyone, they have a right to know.

Read more
customer, consent, Essex, London, southend

GDPR – Consent

Under GDPR your company must be able to prove clear and affirmative consent to process personal data.

Read more
fine, Essex, London, southend

GDPR – Liabilities to your business

Liability and responsibility will extend to all organisations that touch the personal data of the subject / subjects.

Read more
gdpr consultant, Essex, London, southend, training

GDPR and your business

Companies need to take a fresh look at how they deal with personal data in all aspects of operations, and 3rd party business relationships.

Read more
Brexit, Essex, London, southend

Post Brexit – Data Protection Bill

This new UK Data Protection Bill will replace the Data Protection Act 1998, and will essentially transfer the EU’s GDPR into UK law post Brexit.

Read more
GDPR, compliancy, compliant, consultancy

GDPR compliancy service

Find out how Globalnet can help small businesses protect personal data and meet GDPR requirements.

Read more