Cookie Notice

We use cookies to analyse site traffic and optimise your browsing experience. Accepting necessary cookies is required to provide you with a minimum level of service. Read Cookie Statement

Get In Touch
Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
I prefer to be contacted by:
View our privacy policy
Experiencing a breach? Get emergency incident response assistance.

Overview

The GDPR - ensuring a high level of data protection across the UK and Europe

The General Data Protection Regulation (GDPR) is one of the most wide-ranging pieces of legislation passed by the EU in recent memory. It was introduced to standardise data protection law across the single market and give people in a growing digital economy greater control over how their personal information is used.

Scope

Who does the GDPR apply to?

All organisations that process personal data and operate within, or sell goods to the EU are impacted by the GDPR. The definition of processing is designed to cover practically every type of data usage and includes collection, storage, retrieval, alteration, storage and destruction.

The GDPR applies to both data ‘controllers’ and ‘processors’. Data controllers determine the purpose and manner in which data is processed. Data processors are any third-party undertaking data processing on behalf of a controller.

Brexit

How does Brexit affect the GDPR in the UK?

A montage of compliance related security images

In the UK, the requirements of the GDPR are implemented and ratified by the Data Protection Act 2018.

Under the UK’s Brexit Withdrawal Agreement Bill, a transition period will run until December 31, 2020, during which time the GDPR and DPA will continue to apply side-by-side. During this transition phase, the UK and EU will attempt to negotiate a new data privacy arrangement, but the UK government has stated that the majority of GDPR and DPA provisions are likely to remain in place.

Personal data

What is personal data?

Article 4 of the GDPR defines personal data as ‘any information relating to an identified or identifiable natural person’. For most organisations, this means implementing appropriate measures to protect information relating to employees, customers and partners. The GDPR expands the definition of personal data to include all information that could be used to indirectly identify individuals. Other examples of personal data include:

  • ID numbers
  • IP addresses and cookie IDs
  • HR records
  • Customer contact details
  • Health records
  • Biometrics
  • CVs and employment details
  • CCTV and call recordings

Need advice or help from our friendly team?

Get in touch

GDPR v DPA

How does the GDPR differ from the Data Protection Act (DPA) 1998?

Personal information

An expanded definition of personal information to include online identifiers such as IP addresses.

Increased sanctions

An increased level of fines for organisations that fail to comply and/or suffer a personal data breach.

Data Protection Officers

The need for some organisations, such as public authorities, and those that process large amounts or special categories of data, to appoint a Data Protection Officer.

Consent

A tightening of the consent rules governing the collection and use of personal information.

Right to be forgotten

The right for individuals to be forgotten, by requesting the erasure of their personal data from company records.

Privacy by design

Promotion of privacy by design - ensuring data protection is taken into account at every stage of a product development process.

Article 5 Principles

Personal data shall be...

Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary
Accurate and, where necessary, kept up to date
Retained only for as long as necessary
Processed in an appropriate manner to maintain security

Protecting personal data

The importance of ensuring the security of personal data

In order to ensure ongoing data security, principle six of the GDPR states that personal data should be processed in an appropriate manner.

Protecting personal data against unauthorised processing, accidental loss and destruction forms an integral part of measures all organisations should take.

Read our GDPR compliance guide
A cloud environment being monitored for threats

GDPR Solutions

Tailored solutions for GDPR compliance

By helping you to understand and address gaps in your organisation’s cyber security as well as proactively detect and respond to threats when they occur, Redscan’s managed security and assessment services support swift, hassle-free GDPR compliance.

ThreatDetect MDR

Managed Detection and Response

Award-winning support to rapidly detect and respond to the latest threats 24/7

Read more
A range of security assessment services

Assessment Services

Specialist engagements to uncover and address hidden cyber security risks

Read more
A person choosing from a range of Managed Security Services

Managed Security Services

Expert help to manage and monitor your choice of security technologies

Read more

Get in touch

Complete the form for a prompt response from our team.

Two Redscan team members analysing cyber security intelligence

1000 characters left
I prefer to be contacted by:
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
30th May 2023
Half of UK CEOs view cyber as a bigger business risk than the economy
50% of UK CEOs see cyber security as a bigger risk to their company than economic uncertainty, according to new research.  
22nd May 2023
Warning of increase in business email compromise (BEC) Attacks
A new report is warning about a surge in business email compromise (BEC) attacks and the changing tactics used by cyber criminals.  
15th May 2023
Ransomware victim numbers surge by 27%
The number of ransomware victims listed on data leak sites increased by 27% year-on-year in April, with manufacturing the most affected industry, according to a new report.  
9th May 2023
Three-quarters of companies predict a breach in the year ahead
The majority of businesses around the world anticipate that they will experience a data breach or cyber-attack in the next 12 months, according to new research.