What is GDPR and GDPR Compliance?

The EU General Data Protection Regulation (GDPR) is built around two key principles:

  • Giving EU citizens (data subjects) control of their personal data
  • Simplifying and strengthening regulations for businesses with a unified approach across the European Union

It’s important to note that the GDPR will apply to any business that processes the personal data of EU citizens, which means that it could also apply to companies based outside of the EU. The UK government has confirmed that Brexit will not affect the GDPR start date or its immediate running, and it will commence from the 25th May, 2018. GDPR has implications for all organisations that collect information about customers resident in the EU, and whilst the telecommunications and IT sectors have adhered to a strict regulatory regime for a number of years, there are changes that GDPR compliance will bring. This page aims to outline some of the most significant changes that are coming, and will also highlight the Columbus view and update on the General Data Protection Regulation.

GDPR Background

The GDPR is a new EU Regulation which will replace current UK legislation. This was originally implemented in the UK via the Data Protection Act 1998 to enhance the protection of the personal data of EU citizens and increase the obligations on organisations who collect or process personal data. The GDPR builds on many of the original Directive’s requirements for data privacy and security, but includes new provisions to bolster the rights of data subjects and adds harsher penalties for any violations.

How does GDPR affect telecoms and IT?

Organisations that transfer information for data warehousing, analytics and marketing purposes will need to delete, encrypt or ‘anonymise’ their data. Whilst IT and data security is already of paramount importance to Communications Providers (CPs), security measures will need to meet strict GDPR compliance standards. Another important consideration will be data portability. CPs will need to provide customers with a copy of their personal data in an easily accessible electronic format if requested.

Does GDPR apply to my business?

GDPR applies to any business that processes the personal data of EU citizens. This includes customer, supplier, partner and employee data. So the first question you need to ask is how often does your business deal with personal data? This includes customer data, but have you factored in supplier data? Past and present employees? If you’re collecting any of this data routinely, you’ll need to ensure GDPR compliance, whether the data is in a database, computer network, mobile phone, in the cloud or on paper.

Key Provisions of the GDPR

The EU General Data Protection Regulation (GDPR) will replace all other data protection regulations within Europe. The GDPR does two things: it protects the data rights of EU citizens, and it protects their privacy, i.e. their data. Any organisation that carries out business activities within the single market will have to comply with it. This also includes non-EU businesses who deal with EU customers. Find out about some of the key provisions below.

Don't hang on to old data

One of the key principles of GDPR is to require companies not to hold on to personal data for longer than necessary, or process it for purposes that the individual isn’t aware of. Identifying your data categories and what personal data you have, and why, will be very helpful in ensuring GDPR compliance.

Explicit Consent

Individual ‘consent’ has been redefined under the EU GDPR and as a result has become more strictly controlled. The intention is to put the data subject in control of their own personal data. On top of this, requests for consent can no longer be hidden in small print but must be presented clearly, and separately from other policies on your website or communications. Pre-ticked boxes for consent, for example, are no longer acceptable. Consent may not be required for pre-existing personal data, as long as you have a legal basis that’s compliant with the current legislation (the DPA). The principle is that inactivity is no longer a legitimate means to confirm consent.

Privacy by design and default

GDPR mandates that organisations should include privacy in their processes and systems by design. This means that all the organisation’s systems and software should adhere to the key tenets of GDPR. For instance, if a request to be forgotten is received from an EU citizen, you should be able to completely erase the personal data belonging to the data subject within the specified time frame.

Right to be forgotten

The way we collect, store and use data will change under GDPR. The right to be forgotten mandates organisations to delete all of an EU citizen’s data, including all copies, should they request it. To ensure GDPR compliance, this requires a comprehensive data map covering what data is stored, where, and who has access to it.

Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. In so doing, GDPR allows data subjects to obtain and transfer personal data from one data controller to another in a safe and secure environment. This enables individuals to take advantage of applications and services that can use their data to find them a better deal or help them understand their spending habits, for example.

Stricter rules for data breaches

Breach notification is another key provision of GDPR compliance. Under this provision, it will become mandatory for organisations to notify the data protection authority and customers within 72 hours of a data breach. In the UK the data protection authority is the Information Commissioner’s Office (www.ico.org.uk). It is also important that the organisation suffering the data breach can prove its due diligence in preventing such breaches.

Higher non-compliance fines

The GDPR toughens up penalties that already exist under the DPA. These penalties at present include:

  • Maximum fines of £500,000
  • Prosecutions, including prison sentences for deliberate breaches
  • Obligatory undertakings, where your company has to commit to specific action to improve compliance

With the onset of the GDPR in May, these penalties are set to get much tougher. Businesses in breach will see a dramatic increase in fines with penalties reaching an upper limit of €20 million or four per cent of annual global turnover, whichever is higher.

The Columbus position on GDPR

It’s easy for businesses with so much work and limited time and resources to see the GDPR as a burden. But it’s something that can be used to your organisation’s advantage. By proving to potential and existing customers that your organisation is compliant with GDPR, you could add significant value to your proposition, which in turn could help you generate more business. No one likes having their data lost, stolen, damaged, misused or shared without proper consent, and doing everything you can to protect your customers and grow their trust could be a valuable selling point. There are serious reasons to become GDPR compliant, and from a practical viewpoint you should see it as being worthwhile to organise your back office more efficiently, earn your customers’ trust and be the company that respects personal data, rather than doing little or nothing about it and suffering the consequences later.

Columbus is fully focused on GDPR compliance. Columbus already operates in a highly regulated telecommunications sector, so we are confident that our processes and services will meet GDPR requirements prior to the go-live date. Prior to and beyond the implementation of GDPR, we will monitor our processes to ensure full compliance with GDPR at all times. Whether we collect personal data from our customers, suppliers or business partners, or process any personal data on behalf of our customers, we have stringent technical and organisational measures built around all of our data sets to ensure full compliance.

Have a question about GDPR compliance? Get in touch with the Data Protection Officer.
