Overview

The GDPR - ensuring a high level of data protection across the UK and Europe

The General Data Protection Regulation (GDPR) is one of the most wide-ranging pieces of legislation passed by the EU in recent memory. It was introduced to standardise data protection law across the single market and give people in a growing digital economy greater control over how their personal information is used.

Scope

Who does the GDPR apply to?

All organisations that process personal data and operate within, or sell goods to, the EU are impacted by the GDPR. The definition of processing is designed to cover practically every type of data usage and includes collection, storage, retrieval, alteration and destruction.

The GDPR applies to both data ‘controllers’ and ‘processors’. Data controllers determine the purpose and manner in which data is processed. Data processors are any third parties undertaking data processing on behalf of a controller.

Brexit

How does Brexit affect the GDPR in the UK?

In the UK, the requirements of the GDPR are implemented and ratified by the Data Protection Act 2018.

Under the UK’s Brexit Withdrawal Agreement Bill, a transition period will run until December 31, 2020, during which time the GDPR and DPA will continue to apply side-by-side. During this transition phase, the UK and EU will attempt to negotiate a new data privacy arrangement, but the UK government has stated that the majority of GDPR and DPA provisions are likely to remain in place.

Personal data

What is personal data?

Article 4 of the GDPR defines personal data as ‘any information relating to an identified or identifiable natural person’. For most organisations, this means implementing appropriate measures to protect information relating to employees, customers and partners. The GDPR expands the definition of personal data to include all information that could be used to indirectly identify individuals. Other examples of personal data include:

  • ID numbers
  • IP addresses and cookie IDs
  • HR records
  • Customer contact details
  • Health records
  • Biometrics
  • CVs and employment details
  • CCTV and call recordings

GDPR v DPA

How does the GDPR differ from the Data Protection Act (DPA) 1998?

Personal information

An expanded definition of personal information to include online identifiers such as IP addresses.

Increased sanctions

An increased level of fines for organisations that fail to comply and/or suffer a personal data breach.

Data Protection Officers

The need for some organisations, such as public authorities, and those that process large amounts or special categories of data, to appoint a Data Protection Officer.

Consent

A tightening of the consent rules governing the collection and use of personal information.

Right to be forgotten

The right for individuals to be forgotten, by requesting the erasure of their personal data from company records.

Privacy by design

Promotion of privacy by design - ensuring data protection is taken into account at every stage of a product development process.

Article 5 Principles

Personal data shall be...

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary
  • Accurate and, where necessary, kept up to date
  • Retained only for as long as necessary
  • Processed in an appropriate manner to maintain security

Protecting personal data

The importance of ensuring the security of personal data

In order to ensure ongoing data security, principle six of the GDPR states that personal data should be processed in an appropriate manner.

Protecting personal data against unauthorised processing, accidental loss and destruction forms an integral part of measures all organisations should take.


GDPR Solutions

Tailored solutions for GDPR compliance

By helping you to understand and address gaps in your organisation’s cyber security as well as proactively detect and respond to threats when they occur, Redscan’s managed security and assessment services support swift, hassle-free GDPR compliance.

ThreatDetect MDR

Managed Detection and Response

Award-winning support to rapidly detect and respond to the latest threats 24/7


Assessment Services

Specialist engagements to uncover and address hidden cyber security risks


Managed Security Services

Expert help to manage and monitor your choice of security technologies

