How GDPR Will Impact Data Management Practices

On May 25th 2018, Europe’s General Data Protection Regulation (GDPR) will become implemented into legislation and this means that for all those within the IT and data management industry, life in the workplace is about to drastically change.

The UK’s leading managed IT service provider, Nasstar, has looked into how exactly this will affect workplaces within the UK.

Europe’s General Data Protection Regulation (GDPR) is a new legislative law that will help reinforce and strengthen data protection and provide heightened security to both individuals and companies across the EU. Although the UK currently has the Data Protection Act 1998 implemented into legislation, the GDPR will override and tighten these pre existing laws and ensure that all of Europe is united and subject to these new data protection laws.

Any company that provides services or offers goods to European data subjects that either manage, hold or process data of those living with the EU will be affected as a result.

According to Article 4 of the GDPR, a processor is ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.’ whilst a controller is ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.’

If your role falls under ‘processor’ then you are subject to a significant number of restrictions under the controller. For example, processors can’t engage another data processor without the express permission of the controller. In contrast to this, the controllers are responsible for handling personal data, and as such are tasked with taking charge of ensuring that the GRPR is upheld and complied with. However it is worth noting that both processors and controllers are subject to fines if the legislation of the GDPR is not upheld, and could face a minimum whopping 20 million euros fine.

Although there are many changes that the General Data Protection Regulation will bring to the role of data management, there are some changes that are more notable than others.

Primarily it’s important to know that as of March 25th 2019, all data breach notifications have to be handed to the relevant supervisory authority within 72 hours of a data breach where it is likely to “result in a risk to the rights and freedoms” of individuals. This new limited time frame is a massive change to the system and needs to be kept on top of to avoid breaching the GDPR.

It’s also worth noting that data subjects now have significantly more rights to their own personal data, as they now have the opportunity to both access and erase it. If a data subject so wishes, they are now able to find out where and why their data is being processed, and have the rights to be given a free electronic copy of this data. They may even erase this data under the ‘right to be forgotten’ but this must be taken under consideration following a ruling based on the public’s interest.

Mark Hodgkinson, Head of Professional Services at Nasstar says: “As part of the new legislation, companies must also appoint data protection officers, whose job it will be to advise and monitor both the processors and controllers; ensuring that the GDPR is being implemented effectively. Although not every company will be obligated to appoint a GDPR, almost all businesses, including us at Nasstar, will have to have one, as well as private companies who either regularly monitor subjects or who process conviction information.

“By ensuring that you understand these upcoming GDPR legislative laws and prepare yourself for these changes, you will be ready to implement the regulations from the get go, meaning that you and your organization will be straight off the starting blocks and powering ahead of the data management game.”

For more information on Nasstar please visit: