ICAEW.com works better with JavaScript enabled.

Continue reading

View groups

Getting ready for the GDPR deadline

If stopping processing digital information is out of the question for your business, there is just time to take action and ensure you are GDPR compliant. Alan Calder goes into detail about personal data, lawful basis and information security surrounding the imminent new regulation.

Processing personal data under GDPR is lawful only if and to the extent that one of the following six conditions applies.

If you cannot demonstrate that you have identified a lawful basis for processing data under the GDPR by 25 May 2018, you will need to stop this processing. Continuing would be breaking the law. The incoming regulation states that data controllers must be able to demonstrate compliance with six data processing principles, the sixth of which (integrity and confidentiality) requires personal data to be processed in a manner that means data protection must be embedded into the culture of your organisation. One way to demonstrate this is to achieve certification to a recognised standard or framework.