01732 759725
VOX POP
44
Colin Griffin,
Managing Director,
Blackbox Solutions
:
“In a data-driven
world, the existing data protection laws
from 1995 are now inadequate. The new
GDPR includes key changes to regulations
including amends to data handling
standards, consent and penalties if laws
are breached. In short, there is a lot of
ground to cover!
“Blackbox has recently been certified
with the information management security
management standard ISO: 27001, so we
are well prepared for GDPR and are now
in a position to support our clients through
the process.”
Matt Goodall,
Service Director,
Office
Evolution
:
“There is a mountain of
reading and procedural practice to put in
place, but the good news is you have until
May 25 2018 to do it. The Information
Commissioner’s Office has produced guides
to help you, but with such a significant
change there will need to be time for
adjustment before the rules can be strictly
enforced. There will no doubt be simpler
step-by-step guides to follow, but larger
companies are definitely going to have a
more complex route to compliance.”
Mark Smyth,
CEO
,
Vision
: “There are
significant differences in compliance
from the DPA 1998 and GDPR, and
we are currently working through a
comprehensive check list of actions for
compliance and also creating awareness
within our business, as well as for clients.
One step we took early on was to become
Cyber Essentials PLUS certified, which has
been a great health check and process
for becoming compliant and minimising
security risks within our organisation.”
Melissa Odawa,
Legal Affairs Executive,
KYOCERA Document Solutions UK
:
“GDPR requirements are more extensive
than current local data protection laws,
with tougher sanctions, the introduction of
a data breach notification, a higher bar for
accountability and governance, and greater
individuals’ rights. Kyocera takes these
changes very seriously and has started a
project to implement these changes in its
EU subsidiaries.”
Graham Herrington,
Managing Director
,
Managed Print Partners
:
“Yes, there
are lots of key differences that will come
into effect with the change. A major one
is that you will now need paperwork-
based evidence for all data flows, as you
will need to be able to prove where each
and every bit of data came from. This will
require much more stringent workflow
processes to ensure compliance.
“It also now offers greater protection
over electronic data processing. This is very
much needed for the 21st century, but
may require some serious software and
hardware updates for some companies.”
With the new EU General Data Protection Regulation (GDPR)
coming into force on May 25 2018,
PrintIT Reseller
asks this
month’s panel what steps they are taking to ensure compliance
with the new rules
Countdown
to the GDPR
PITR:
There are significant differences between existing data protection
laws and the new GDPR requirements, are you finding there is a lot of
ground to cover to achieve compliance?
Continued...
The biggest
challenge
that our
clients face is
ensuring that
they are not
left behind
Mark Smyth,
CEO,
Vision
PITR:
One commonly voiced
concern is the significant resource
implications that implementing
GDPR could have, especially
for larger or more complex
organisations. Has this affected your
business?
Colin Griffin:
“The new GDPR introduces
more stringent and prescriptive data
protection compliance challenges. These
changes will impact on all types of
organisation – regardless of size – and
businesses need to act now to assess
what changes they will need to make to
their current data protection compliance
initiatives.
“To comply with GDPR, businesses
need to commit significant resources or
get support from a company like Blackbox
Solutions. With ISO: 27001 compliance,
Blackbox Solutions is prepared for the
changes and consequences for our
business and sector.”
Matt Goodall:
“Without a doubt! The
larger organisations are going to see
the complexity of the new regulations
having a greater effect. Whereas a smaller
company may have a single controller and
processor of data, larger organisations
may well have multiple controllers and
processors all needing to liaise and
comply with new procedures. As a smaller
company, we will have a single point of
responsibility. We have to comply with the
same regulations, though, and will have
to review our procedures to ensure we are
fully compliant.”
Mark Smyth:
“GDPR has certainly
impacted our business, and we have been
streamlining and updating our infrastructure
to improve security and become compliant.
The more elements of data processing and
data controlling you have, the more there is
to deal with for compliance and to ensure
you meet the new requirements.
“Our Cyber Essentials PLUS
Larger
companies
are
definitely
going to
have a more
complex
route to
compliance
Melissa Odawa,
Legal Affairs Executive,
KYOCERA Docume t
Solutions UK
