The EU GDPR is a statutory obligation upon organisations and their data processors and comes into effect on 25 May 2018. It impacts all companies and countries that trade with EU-based citizens, or hold data about them, regardless of whether such companies themselves are based within the EU.
Qualifi has recently accredited Level 2, 3 and 4 Cyber Security Diplomas designed by experts at the UKSP Global Cyber Academy based in London. Each Diploma contains dedicated data security and GDPR compliance modules.
Richard Bingley, Chief Executive at the UKSP Global Cyber Academy, said:
“Breaches of some provisions by businesses, which law makers have deemed to be most important for data protection, could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs. For other breaches, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater.”
The relevant provisions on data security are contained under Articles 5 and 32 of the Regulation.
Article 5 sets out basic rules on personal data processing, considered to be fundamental to data protection, which apply only to data controllers. One of those rules requires data controllers to ensure that personal data is “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures”.
In contrast, under Article 32, if data processors do breach their statutory data security obligations, but did take appropriate technical and organisational counter-measures, such as risk assessments and encryption, then the most they could be fined is up to €10m or 2% of global annual turnover.
Data controllers are also subject to the Article 32 obligations. It therefore appears open to national data protection authorities to fine data controllers for any data security failings under Article 5 or Article 32.
Further details and a guide to EU GDPR for potential students: firstname.lastname@example.org
Advisory Council Member, New Security Alliance, London