The new EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. Coming into force on 25th May 2018 (regardless of the UK’s decision to leave the EU), the regulation will impact every organisation which holds or processes personal data, introducing new data management responsibilities and data protection regulations.
The enhanced regulation replaces the Data Protection Directive 95/46/EC and is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data protection. It serves to protect the personal data of anyone in the EU; if you are a EU citizen or simply live, work or travel through the EU then you and your personal data are in scope.
The GDPR is under-pinned by more rigorous enforcement and increased penalties for non-compliance or data protection breaches than the current Data Protection Act and all organisations should be aware and reviewing their data management procedures.
As has always been the case, Tascomi will continue their commitment to high standards of information security, data protection, privacy and transparency and will comply with applicable GDPR regulations when they take effect in May 2018. As a data processor, Tascomi place a high priority on protecting and managing data in accordance with accepted standards including Tascomi’s certified ISO 27001 and Cyber Essentials processes.
Our experienced team will continue to work closely with our customers and partners to meet contractual requirements for our internal procedures, solutions and services, through two main areas of focus in preparing for GDPR:
1. To ensure Tascomi’s compliance for GDPR by reviewing and enhancing as appropriate our existing security management systems and certifications, including ISO 27001 and Cyber Essentials Certification.
2. To review our products and solutions to ensure they support compliance of GDPR for our customers.
Tascomi employs a controlled Information Security Management System (ISMS) that tracks all of Tascomi’s data management policies and procedures including ISO 27001. In addition to ISO 27001, Tascomi have achieved Cyber Essentials certification. The Cyber Essentials Scheme is a HM Government-backed and industry supported initiative to guide businesses in protecting themselves against cyber threats.
The scheme has been developed as part of the UK’s National Cyber Security Programme. Dr Richard Martin, Tascomi Managing Director, commented: “We are proud to have achieved Cyber Essentials certification as it demonstrates to our customers that we continue to take cyber security seriously. We have taken essential precautions regarding cyber threats and our customers can be assured that our cloud-based software solutions have been assessed to the highest level of security standards that this Government-backed scheme provides.”
As a data processor, the company is undertaking risk assessments to include more detailed consideration of the data we hold including a data protection impact analysis of personal information stored and processed. Policies such as data incident response plans and backup data retention will be reviewed and updated as appropriate.
To ensure compliance with GDPR, we will implement additional controls to meet GDPR requirements within the ISMS, updating and enhancing policies as necessary. Tascomi will continue to inform, advise and regularly monitor compliance at a senior level in the company. Where appropriate, additional tools will be implemented that support our processes, provide necessary security and ensure that GDPR data management and protection objectives are met.
Tascomi Products and Solutions
Tascomi’s extensive range of innovative cloud solutions are used to provide industry-leading, web-based and mobile software solutions to help Local Authorities and Government departments. Whilst the data in a Tascomi system is owned by our customers and responsibility for compliance under GDPR falls to the customer, Tascomi are committed to providing capability in our solutions to support our customer’s obligations and compliance activities under the GDPR legislation.
Such capability will include tools to locate and manage personal data held in the customer’s Tascomi solution, including the ability to anonymise or remove data (the “right to be forgotten”) as well as respond to requests under the legislation to delete, correct or restrict the processing of data. The use of these tools will be designed to improve general data management capabilities as well as aid the customer’s ability to stay compliant within the GDPR legislation.
Further information on GDPR is available from the Information Commissioner’s Office (ICO): Guide to the General Data Protection Regulation (GDPR) – Click Here
The ICO have also produced a helpful document detailing 12 steps to prepare for the new legislation – Click Here
If you have any further questions relating to GDPR and your Tascomi solution or to the management of personal data held by Tascomi – Click Here