C5 says the new EU General Data Protection Regulation (GDPR) requires organisations to respect and protect personal data.
Matt Thornton, Director of professional services at C5 Alliance commented: “There is a tendency to hear GDPR and think it’s just an IT problem; that it’s all to do with security of systems with hackers breaking in and stealing your organisation’s data. However it extends wider than systems and security.”
According to Mr Thornton, it is critical to recognise that compliance is a shared responsibility and that it’s not adequate to restrict accountability to one person such as a data protection officer. The organisation as a whole needs to be aware of the GDPR and its ramifications and those working in a technical capacity should at least be up to speed.
“Businesses that invested in data protection under the Data Protection Act (1998) will stand in good stead but there is new work to be done to bring them up to EU GDPR standard”, added Mr Thornton.