GDPR & NIS
The General Data Protection Regulation (GDPR) replaces the UK Data Protection Act (DPA). The Network & Information Security Directive (NIS) is aimed at increasing cyber defences in Critical National Infrastructure. Both GDPR and NIS become law in May 2018.
Brexit will have no effect on either GDPR or NIS. If you deal with or handle European citizens' data, you must comply with the GDPR regulation. Both the UK government and the Information Commissioner's Office (ICO) have said that the UK will fully comply with the GDPR legislation.
NIS is vitally important to the protection of UK plc and the economy, and will also become law for "Operators of Essential Services" (OES). Those OES will have to take appropriate and proportionate security measures to manage risks to their network and information systems, and they will be required to notify serious incidents to the national authority.
The fines for a data breach, or in the case of NIS a failure of systems, will be huge, and could be as much as 4% of the global annual turnover of your organisation or 20,000,000 EUR, whichever is the greater.
- Compulsory breach notification
- Adequate security measures
- Appointment of a Data Protection Officer
- The right to be forgotten
- Pseudonymisation / Anonymisation of user data
There are many other provisions and requirements that will require time and expertise to ensure compliance. We are helping our clients to meet the requirements of the new law.