As my last post highlighted, the biggest danger to your compliance with the forthcoming GDPR could be your staff, whether through a malicious act or, more likely, through lack of training. However, as their employer, you will be responsible for any damage suffered by individuals whose personal information is unlawfully released.
We all know about the Hawaiian nuclear mistake. The Agency responsible for the mistake allowed press photos to be taken at its headquarters, and clearly visible in them were Post-it stickers bearing passwords on its computers, one of which was capable of being read. This would be a clear breach of the Security Principle under the current Data Protection Act. (Photo below by Jennifer Sinco Kelleher/AP, Business Insider)
The European Union (Withdrawal) Bill 2017–19 has fixed the UK’s exit day from the European Union as 11pm on 29th March 2019. The European Commission, on the 8th January, reminded the remaining EU Member States that once the UK leaves the Union it will become a “third country”, to which automatic transfers of personal data from EU businesses will no longer be permissible.
Small and medium-sized businesses may not be able to afford the advice on compliance with the GDPR being offered on the market. Cornflower Associates, however, are positioned to offer expert advice, based on many years’ experience, with small and medium-sized businesses in mind.