17 June 2016

Local businesses prepare for the new General Data Protection Regulation

Disposing information securely and protecting company data are key areas for staff training in relation to cyber security, according to Carey Olsen and Galaxy CI.

Carey Olsen teamed up with Channel Island IT specialist Galaxy CI to provide advice on the new General Data Protection Regulation (GDPR), which comes into force in May 2018. 

Attended by company directors and IT and compliance managers, the seminar was led by counsel Richard Field and Galaxy managing director Stuart Moseley and included a demonstration of Galaxy's data destruction equipment.

Advocate Field said: “The primary focus of the GDPR is to protect the personal data of citizens of the European Union wherever it is held, processed or transferred. While the Channel Islands stand outside the EU, the legislation affects any local companies that do business in the EU (or profile EU citizens). The GDPR is seen as the "gold standard" and as such we are likely to bring in equivalent legislation of our own. This should be on every board's radar and preparations for 2018 should be discussed on a regular basis.

“Ensuring data is destroyed securely is just as important as protecting it during its "useful" life. It is not simply the responsibility of the IT departments to know what can and cannot be done with information; all members of staff need to learn and engage in the process in order to correctly monitor and protect both their and their clients' interests.” 

Mr Moseley said: “Information management is one the biggest challenges facing modern businesses and it is crucial that they understand the due diligence that is required.

"A common misconception is for businesses to believe they can hold on to client data ‘just in case’. This is generally not compliant and it is important that companies understand the current law and adapt to meet the GDPR, including having a transparent audit trail when destroying data.”