gdpr compliance


Upload: asad-siddiqui

Post on 06-Apr-2017


GDPR - GENERAL DATA PROTECTION REGULATION COMPLIANCE

SUPPORTING YOU WITH GDPR COMPLIANCE

Most of our projects start with Discovery & Planning or Auditing

Our app migration skills are specialist and of quality

We are one of Europe’s leading Hyperconvergence partners

Our Big Data skills place us at the forefront of GDPR and other compliance

Hybrid and on-premises services remain central to many projects

One of the UK’s leading Microsoft partners for all things Office 365

Are you thinking about GDPR?

GDPR legislates for the use of mobile devices, data centres, cloud-based products and encryption. This regulation applies to all organisations that process data of EU citizens, regardless of the UK’s Brexit plans. GDPR states:

- You must inform data subjects & the ICO about data breaches within 72hrs

- Maximum fines for non-compliance are increased to 20M or 4% annual global turnover per breach

Don’t panic, prepare! Our GDPR work packages are designed to provide organisations with a comprehensive GDPR readiness assessment. Together, we can ensure you achieve timely and full compliance.

But, wait! What about Brexit?

GDPR will apply in the UK from 25 May 2018. The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.

The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the Data Protection Act (“DPA”) – i.e. the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR. If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.

However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

OK! So what data does GDPR apply to?

Personal data: Like the DPA, the GDPR applies to ‘personal data’. However, the GDPR’s definition is more detailed and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people. For most organisations, keeping HR records, customer lists, or contact details etc, the change to the definition should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR. The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This is wider than the DPA’s definition and could include chronologically ordered sets of manual records containing personal data. Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

Sensitive Personal Data: The GDPR refers to sensitive personal data as “special categories of personal data”. These categories are broadly the same as those in the DPA, but there are some minor changes. For example, the special categories specifically include genetic and biometric data, where processed to uniquely identify an individual.

What happens if we don’t comply?

These fines are certainly attracting the attention of board level executives. GDPR establishes a tiered approach to penalties for breach which enables the DPAs to impose fines for some infringements of up to the higher of:

4% of annual worldwide turnover and EUR20 million

e.g. breach of requirements relating to international transfers or the basic principles for processing, such as conditions for consent. Other specified infringements would attract a fine of up to the higher of 2% of annual worldwide turnover and EUR10m. The percentage applies to an “undertaking” and a last minute clarification in the Recitals adds that this is as defined in Articles 101 and 102 of the TFEU.

Gosh, that’s a lotta dough!

Our GDPR work packages, which centre around our state of the art data remediation and mobile endpoint compliance tools, are designed to provide organisations with comprehensive GDPR readiness. We can ensure adherence to the nuances and stipulations of this new Regulation to help you avoid these hefty fines.

We are trained and equipped to support you in achieving compliance with GDPR before the May 2018 enactment.

Understood! How can Symitry help?

Can you help with mobile endpoint data?

With our state-of-the-art mobile endpoint data tools, we can track creation of new files on laptops or mobile devices and ensure files containing customer data and PII are protected in accordance with GDPR (and company) rules, offering:

• Centralized visibility as to what is on devices and cloud services to assess and mitigate your data risks.
• Tools to help track and identify the potential for data leaks by alerting organisations of potential data risks on devices and cloud services.
• The ability to remotely wipe data on mobile devices to minimize exposure risks if a device is lost or stolen.
• Help companies know what is on a device that was lost or stolen to assess level of exposure.
• Enforce encryption on devices to protect the files stored on them in the event the device isn’t already encrypted.

From a cloud perspective, our tools can securely store the data we collect in the EU region to aid with recovery and deeper data assessment. For GDPR, we have a full and comprehensive offering to support you in avoiding a hefty fine!

GDPR Penalty Avoidance Savings. We apply your corporate and the GDPR regulatory policies to ensure you are fully compliant to avoid potentially huge fines.

You will also find substantial hard-cost savings from the reduction of the corpus of your data and productivity savings where we enrich and structure data with metadata to make data more discoverable.

GDPR Compliance

Business Case Produced

Phase One: Proof of Concept

Phase Two: GDPR Compliance and Data Storage Solution

Optimise Data Storage

Analyse Your Data

We analyse your data to produce a detailed analytics report to show you what you have!

Our analysis report shows:

• Sensitive and relevant data
• Data needed for compliance
• Inaccessible data
• Duplicated data
• Redundant, obsolete or trivial data

Optionally, we can then optimise your storage to reduce the size of your corpus of data and begin the compliance process. Without ever deleting any of your data, using an intelligent archiving solution, we can also reduce your data storage costs by an average of 70%. All archive records can be searched, retained against policy and fully audited.

We reposit to virtually anywhere, including:

What’s the GDPR compliance process?

So what do we do next?

Contact our Sales Team [email protected]

Together, we will reduce your risk and work to support you in achieving timely compliance!

We have to figure this out by May 2018… that’s pretty soon. Team, time for action!

Microsoft Office 365 Services

As one of the UK’s leading Microsoft Partners, we offer strategy, migration and training services with expertise in the full range of Office 365 workloads.

Hyperconvergence

We are one of Europe’s leading Hyperconvergence Specialists, servers, storage, virtualization & high availability in one system.

SharePoint Consultancy

We provide best in class consultants

More Than Just Email

We optimise investments e.g. Skype deployment

Apps Migrations

We develop, re-engineer and migrate legacy apps

Big Data Analytics

We tell you what you have and where you’re wasting

GDPR & Big Data Services

Cutting your data storage costs dramatically by archiving data intelligently, and in adherence with GDPR and other regulations

Microsoft Cloud Services

With cloud at the heart of our business, we offer world class Azure migration services and enablement

Symitry Ltd
Brook House
54a Cowley Mill Road
Uxbridge
Middx
UB8 2QE

Tel: 01895 456000
Email: [email protected]