Data Privacy Impact Assessments
Data protection in screening
The protection of personal data, and the security of the means by which it is handled, has become one of the most important factors by which clients and candidates alike judge a best-practice screening organisation. Security Watchdog has always had data protection at the heart of everything we do, and it is never something we would compromise on.
Security Watchdog is proud to be certified to ISO 27001 (the internationally recognised standard for information security management). The certification covers all aspects of our operation in every location, and we are audited against it throughout the year by specialist information security and data protection auditors. We are fully committed to ensuring the confidentiality, integrity and availability of all data that we process.
Not only are we experts in UK data protection law; as an international screening business we must also be expert in the data protection law of every country in which we operate, across EMEA and globally, so that the checks we carry out for clients, and the processes behind them, comply fully with local employment and data protection laws.
EU DATA PROTECTION COMPLIANCE
On 25 January 2012 the European Commission published its proposal for a revised European data protection framework, because the existing EU Data Protection Directive (95/46/EC) did not take into account important aspects of contemporary life, globalisation and technological development (e.g. social networks and cloud computing).
Discussions around the various revisions were extensive, and on 15 December 2015 the European Parliament, the Council and the Commission reached agreement on the new data protection rules, establishing a modern and harmonised data protection framework across the EU. The European Parliament's Civil Liberties Committee and the Council's Permanent Representatives Committee (Coreper) then approved the agreed texts with very large majorities.
The Regulation and the accompanying Directive (which covers processing by police and criminal justice authorities) were formally adopted by the European Parliament and the Council in April 2016 and published in the Official Journal of the European Union, in all official languages, on 4 May 2016. The Regulation applies two years thereafter, from 25 May 2018.
GENERAL DATA PROTECTION REGULATION (GDPR) - THE PROPOSAL
The European Commission's proposal for a General Data Protection Regulation represents the most significant development in data protection law since the EU Data Protection Directive, which, like the principles set out in the UK's Data Protection Act 1998 that implemented it, has struggled to remain applicable to mass communication and information sharing.
GDPR applies from 25 May 2018, and because the UK is not due to leave the EU until after that date, UK companies must comply with the Regulation for as long as the UK remains a member.
The changes are far reaching and require a data protection compliance review of each and every business process that handles personal data. Fines for non-compliance are very heavy and can run to millions of euros, whether the breach is deliberate or not. Ignorance of the law is not acceptable, and will not be tolerated as a legal defence.
The legislative process took several years, and the Regulation was adopted in 2016. Companies need to be aware of the scale of the penalties: the 2012 proposal capped fines at 2% of global annual turnover, but the adopted text provides for two tiers of administrative fine, up to EUR 10 million or 2% of global annual turnover, and for the most serious infringements up to EUR 20 million or 4%, whichever amount is higher.
While the Regulation may seem too far in the future to require attention now, its principles should already be treated as best practice by every company that handles personal data.
A SINGLE REGULATORY AUTHORITY
Under the Regulation's "one-stop-shop" mechanism, a company operating in several member states deals with a single lead supervisory authority, located in the member state of its main establishment, i.e. where the main decisions on the purposes and means of data processing are taken. This enables your organisation to take a consistent approach to data handling in every member state.
Each member state retains its own supervisory authority, which enforces the Regulation within its borders and cooperates with the lead authority on cross-border processing. Organisations whose core activities involve large-scale regular and systematic monitoring of individuals, or large-scale processing of special categories of data, must appoint a Data Protection Officer (as must all public authorities).
The Data Protection Officer reports to the highest level of management within the company, must be able to act independently, and cannot be dismissed or penalised for performing the role. The Officer also cooperates with the supervisory authority and acts as its point of contact. Notifying the supervisory authority of a personal data breach, without undue delay and where feasible within 72 hours of becoming aware of it, remains an obligation of the organisation itself; the Officer advises on and monitors that process rather than bearing personal liability for it.
THE THREE PRINCIPLES OF COMPLIANCE
There are guidelines that can be followed to make your company compliant with the new Regulation. The Advisory Bureau has published The Three Principles of Compliance, a guidance report to help organisations that operate in multiple EU states remain compliant as the new Regulation takes effect.
As subject matter experts in data protection, Security Watchdog's Advisory Bureau can provide best-practice guidance on your data handling procedures, including audits, consultancy and the development of primary documentation.
How can we help with data protection?
WHAT CAN A DATA PRIVACY IMPACT ASSESSMENT DO FOR YOU?
A Data Privacy Impact Assessment is designed to help you achieve compliance before the new GDPR (explained above) takes effect, and consists of:
- Producing a readiness audit report establishing how ready your organisation is to meet the requirements of the new law
- Assisting you to understand exactly what data is being processed, and identifying the key processes for which data privacy policies need to be put in place
- Guidance on producing policies that are fit for purpose
- Assistance in producing an action plan, with timescales, for implementing those policies
- Recommendations and advice on best practice in data handling and protection
As far as execution and enforcement of GDPR is concerned, the European Commission has stated that ignorance of the law is not an acceptable excuse; fines will be levied regardless of the organisation's status and in proportion to its size and profitability. The financial penalties can reach 2% to 4% of global annual turnover (or EUR 10 million to EUR 20 million, whichever is higher), which in some cases will run into many millions of euros.
For more details about our Data Privacy Impact Assessments please contact us below.