Close Search

GDPR is not just a problem for your IT department

C5 Alliance is cautioning local businesses to be aware of changes to European Union data protection laws which will have organisation-wide impact.  The new EU General Data Protection Regulation (GDPR) is the most significant change to European data protection law in almost two decades.

C5 Alliance warned that this was an issue for all businesses and not just IT departments as the GDPR requires organisations to respect and protect personal data – no matter where it is sent, processed or stored.

Matt Thornton, director of professional services, C5 Alliance commented:

“There is a tendency to hear GDPR and think it’s just an IT problem; that it’s all to do with security of systems with hackers breaking in and stealing your organisation’s data. However it extends wider than systems and security.

“Internal policies and procedures will be critical to demonstrating compliance in key areas such as risk assessment, implementing privacy by design and data breach notification processes. That’s not to say there aren’t technical considerations – new requirements and individuals’ rights such as the ‘right to be forgotten’ and the ‘right to data portability’, as well as enhanced audit trails – will mean technological changes for local businesses. And of course physical security remains as important as ever.

“Businesses that invested in data protection under the Data Protection Act (1998) will stand in good stead but there is new work to be done to bring them up to EU GDPR standard.”

He said it was critical to recognise that compliance was a shared responsibility and that it would not be adequate to restrict accountability to one person such as a data protection officer. The organisation as a whole needs to be aware of the GDPR and its ramifications and those working in a technical capacity should at least be up to speed.

“It will take time, tools, processes and expertise for businesses to comply with GDPR.

“To do this, businesses need to make changes to privacy and data management practices, particularly in notifying and gaining consent from the people it holds data about; failure to do so could prove costly; companies that do not meet the requirements could face reputational harm and even fines.

“However it’s not all bad news; the regulation is not designed to be unnecessarily onerous, it clearly recognises the needs of organisations to handle data; it is seeking to provide an enhanced level of protection to data subjects and establish accountability.

“We would urge businesses to prepare for this change and, if they are unsure of how it could impact their organisation or how to develop a compliance plan, they should seek professional advice,” he said.

The head of the Channel Islands data protection regulator, Emma Martins, recently urged local businesses to prepare for this update and the States of Guernsey and Jersey have been working to ensure the islands are prepared for the impact of the GDPR which comes into effect in May 2018.

C5 Alliance’s professional services team is fully committed to data and systems’ protection in line with ISO27001 – an international standard focussed on information security standards.

Leave a Reply

You must be logged in to post a comment.






Why join the Chamber?

To view or discuss membership and the benefits available to your business:

» Click here to learn more

Your Chamber

The Guernsey Chamber of Commerce acts as a passionate representative voice; encapsulating industry areas that affect us all.

Contact Magazine

Contact is produced six times a year by Collaborate Communications.

Read the latest issue online


The Young Business Group was formed 50 years ago by the Chamber of Commerce.

Click here to learn more

Submit your news

Sign in or sign up to share your news via the Chamber of Commerce member news area.

» Sign in to add your news

Add your event

Sign in or sign up to submit your own events and promote them within the local business community.

» Sign in to add your event

Suite 1
16 Glategny Esplanade
St Peter Port, Guernsey

Get in touch

Telephone: +44 (0) 1481 727483

Subscribe to Newsletter

On signing up to receive regular updates from The Guernsey Chamber of Commerce, you agree to having your data held by us for communication purposes.

Sign Up Sign Up

Connect with Chamber
Facebook Linkedin
The Guernsey Chamber of Commerce is a company limited by guarantee incorporated in Guernsey. Reg No. 37792
Copyright © 2018 Guernsey Chamber of Commerce. / Articles of Incorporation / CSR Policy / Disclaimers