GDPR for IT Services: Keeping compliance at the heart of the controller/processor relationship
The General Data Protection Regulation (GDPR) (Regulation (EU)2016/679) of the European Parliament and of the Council comes into force on 25th May 2018 repealing Directive 95/46/EC.
GDPR is intended to be a data protection regulation for the modern economy, fully embracing the advent of the cloud and distributed computing. That said, GDPR does not mention IT systems specifically, but the technical and organisational measures which are required to protect personal data are to a very significant extent IT related. They cover:
- systems to hold and process data;
- monitoring and reporting on compliance of those measures, including training and monitoring of policies and procedures; and
- detecting data breaches and security incidents.
The paper looks at measures processors can take to assist controllers to comply with GDPR and to adequately manage the associated risk.
To read the full whitepaper, please click here.
News & Insights
Equitable duties of confidence and the Trade Secrets Directive – where are we now?
We take a step back and look at where the law around confidential information comes from.
COVID-19: Advice for food businesses wanting to diversify
Many food businesses have looked to diversify their offering to maintain business during the Covid-19 lockdown.
Charles Russell Speechlys advises AIQ Ltd on Main Market readmission and reverse takeover of AI codes
Charles Russell Speechlys has assisted AIQ Ltd on the completion of the acquisition of AI Codes and on Main Market readmission.