
What is GDPR and GDPR Compliance?

The EU General Data Protection Regulation (GDPR) is built around two key principles:

  • Giving EU citizens (data subjects) control of their personal data
  • Simplifying and strengthening regulations for businesses with a unified approach across the European Union

It’s important to note that the GDPR will apply to any business that processes the personal data of EU citizens, which means that it could also apply to companies based outside of the EU. The UK government has confirmed that Brexit will not affect the GDPR start date or its immediate running, and it will commence from the 25th May, 2018. GDPR has implications for all organisations that collect information about customers resident in the EU, and whilst the telecommunications and IT sectors have adhered to a strict regulatory regime for a number of years, there are changes that GDPR compliance will bring. This page aims to outline some of the most significant changes that are coming, and will also highlight the Columbus view and update on the General Data Protection Regulation.

GDPR Background

The GDPR is a new EU Regulation which will replace current UK legislation. This was originally implemented in the UK via the Data Protection Act 1998 to enhance the protection of the personal data of EU citizens and increase the obligations on organisations who collect or process personal data. The GDPR builds on many of the original Directive’s requirements for data privacy and security, but includes new provisions to bolster the rights of data subjects and adds harsher penalties for any violations.

How does GDPR affect telecoms and IT?

Organisations that transfer information for data warehousing, analytics and marketing purposes will need to delete, encrypt or ‘anonymise’ their data. Whilst IT and data security is already of paramount importance to Communications Providers (CPs), security measures will need to meet strict GDPR compliance standards. Another important consideration will be data portability. CPs will need to provide customers with a copy of their personal data in an easily accessible electronic format if requested.

Does GDPR apply to my business?

GDPR applies to any business that processes the personal data of EU citizens. This includes customer, supplier, partner and employee data. So the first question you need to ask is how often does your business deal with personal data? This includes customer data, but have you factored in supplier data? Past and present employees? If you’re collecting any of this data routinely, you’ll need to ensure GDPR compliance, whether the data is in a database, computer network, mobile phone, in the cloud or on paper.

Key Provisions of the GDPR

The EU General Data Protection Regulation (GDPR) will replace all other data protection regulations within Europe. The GDPR does two things: it protects the data rights of EU citizens, and it protects their privacy, i.e. their data. Any organisation that carries out business activities within the single market will have to comply with it. This also includes non-EU businesses who deal with EU customers. Find out about some of the key provisions below.

Don't hang on to old data

One of the key principles of GDPR is to require companies not to hold on to personal data for longer than necessary, or process it for purposes that the individual isn’t aware of. Identifying your data categories and what personal data you have, and why, will be very helpful in ensuring GDPR compliance.

Explicit Consent

Individual ‘consent’ has been redefined under the EU GDPR and has, as a result, become more strictly controlled. The intention is to put the data subject in control of their own personal data. On top of this, requests for consent can no longer be hidden in small print but must be presented clearly, and separately from other policies on your website or communications. Pre-ticked boxes for consent, for example, are no longer acceptable. Consent may not be required for pre-existing personal data, as long as you have a legal basis that’s compliant with the current legislation (the DPA). The principle is that inactivity is no longer a legitimate means to confirm consent.

Privacy by design and default

GDPR mandates that organisations should include privacy in their processes and systems by design. This means that all the organisation’s systems and software should adhere to the key tenets of GDPR. For instance, if a request to be forgotten is received from an EU citizen, you should be able to completely erase the personal data belonging to the data subject within the specified time frame.

Right to be forgotten

The way we collect, store and use data will change under GDPR. The right to be forgotten mandates organisations to delete all of an EU citizen’s data, including all copies, should they request it. To ensure GDPR compliance, this requires a comprehensive data map covering what data is stored, where, and who has access to it.

Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. In so doing, GDPR allows data subjects to obtain and transfer personal data, from one data controller to another, in a safe and secure environment. This enables individuals to take advantage of applications and services that can use their data to find them a better deal or help them understand their spending habits for example.

Stricter rules for data breaches

Breach notification is another key provision of GDPR compliance. Under this provision, it will become mandatory for organisations to notify the data protection authority and customers within 72 hours of a data breach. In the UK the data protection authority is the Information Commissioner’s Office (www.ico.org.uk). It is also important that the organisation suffering the data breach can prove its due diligence in preventing such breaches.

Higher non-compliance fines

The GDPR toughens up penalties that already exist under the DPA. These penalties at present include:

  • Maximum fines of £500,000
  • Prosecutions, including prison sentences for deliberate breaches
  • Obligatory undertakings, where your company has to commit to specific action to improve compliance

With the onset of the GDPR in May, these penalties are set to get much tougher. Businesses in breach will see a dramatic increase in fines with penalties reaching an upper limit of €20 million or four per cent of annual global turnover, whichever is higher.

The Columbus position on GDPR

It’s easy for businesses with so much work and limited time and resources to see the GDPR as a burden. But it’s something that can be used to your organisation’s advantage. By proving to potential and existing customers that your organisation is compliant with GDPR, you could add significant value to your proposition, which in turn could help you generate more business. No one likes having their data lost, stolen, damaged, misused or shared without proper consent, and doing everything you can to protect your customers and grow their trust could be a valuable selling point. There are serious reasons to become GDPR compliant, and from a practical viewpoint you should see it as worthwhile to organise your back office more efficiently, earn your customers’ trust and be the company that respects personal data, rather than doing little or nothing about it and suffering the consequences later.

Columbus is fully focused on GDPR compliance. Columbus already operates in a highly regulated telecommunications sector, so we are confident that our processes and services will meet GDPR requirements prior to the go-live date. Prior to and beyond the implementation of GDPR, we will monitor our processes to ensure full compliance with GDPR at all times. Whether we collect personal data from our customers, suppliers or business partners, or process any personal data on behalf of our customers, we have stringent technical and organisational measures built around all of our data sets to ensure full compliance.

Have a question about GDPR compliance? Get in touch with the Data Protection Officer.

Columbus are very flexible in their approach to our demands, keeping control over our business connections, supporting our remote staff & providing us with a value for money service. The friendly efficient staff are always on hand to help when required.

Jerry Griffin, Facilities Manager, PEI-Genesis UK Ltd

We originally approached Columbus to help us fill the gaps in our inbound solutions portfolio. Due to their fantastic support, customer service and willingness to work closely together, we have worked in partnership for over 10 years. This has resulted in significant advances for our mobile, SIP and Hosted PBX offerings. The key area any business appreciates most is the ease in which it can engage, plan and deliver projects for customers with its partners. With Columbus, we can always provide a great service for our customers… we simply do not get the same level of service from any other company.

Christian Coe, Managing Director - Telecoms Advisor Ltd

Working with Columbus is easy; they are great partners and the team responds quickly to our requests for input. In fact, they are the most responsive and easy to work with partner we have, even when we have challenges to resolve.

Gabrielle Alam, Managing Director, Eyes2market UK Ltd




    Need Help? Talk to a Columbus compliance expert. Call us on 0333 240 7755. Let's go!