The GDPR (General Data Protection Regulation) applicable as of 25 May 2018, protects EU citizens: any company processing data of EU nationals must comply with this regulation. As Swiss companies, we are therefore also affected if you process data belonging to these nationals, even before the adaptation of the GDPR within the future revised version of the Data Protection Act. Discover the principal changes brought about by this directive, our advice on how to comply… and how Net4All is adapting!
Security of personal data: better distribution of responsibility
There are two distinct parts regarding the protection of personal data. The first is the data controller, who determines the purposes and means of data processing. For example, this could be you, when you collect data in the course of your business. The second is the subcontractor, who carries out the actual processing of the data: this is your host, your editor, your web agency, etc.
In the event that the processing of personal data is not entrusted to a service provider, these two parties naturally become merged into one. Until now, the data controller has been fully responsible for any data it holds and the only body that is legally « guilty » should there be an instance of data theft, for example.
GDPR – a game changer
As of 25 May 2018, GDPR changed all this. Responsibility for the protection of personal data is now shared between the data controller, or « controller », and the data processor, or « processor ». The latter has become responsible for the data it processes on your behalf, and they must therefore ensure that they are complying with the directive, just as you must do. Previously, even if your service provider made a mistake, you were held responsible for not having taken enough care with the data. Soon, however, the European supervisory institutions will be able to deal with them directly in the event of an error.
This does not preclude you, nevertheless, from needing to choose your service providers carefully. They become your partners in protecting your data and those of your customers… Of course, they have to comply with the European data protection regulation, but in addition, they have a role to play in helping you to develop your expertise on the subject should you not happen to be able to draw on this type of expertise in-house. In addition to technical support, it is also important to take training, transparency and trust into account.
How can you protect data? Benefit from the experience of experts
The GDPR is a legal directive that has a greater organisational and legal impact than it does a technical impact. We advise you to consult the guidelines of the European institutions, to appoint a Data Protection Officer, and to be take advice from a lawyer or legal expert. In fact, there are many specialists in this field !
And at Net4All, as a provider of IT security and hosting services, we have chosen to follow this route! Our expertise does not cover this and so we cannot advise you on the subject. However, once you have undertaken a risk analysis, we are qualified to support you in providing technical security for your data. How can you achieve the level of security you need to meet the challenges you face? Is your system secure enough in respect of the criticality of your data? What improvements need to be made and how should they be implemented? Our experts can provide you with the answers to these questions. They can also help you to understand the actions they take and recommendations they make.
“Together, we’ll make the digital world safer » is our vision. Data security is built hand-in-hand with you! Our experts will support you in your development, and you can help us to improve on a daily basis. Transparency is a very important concept at Net4All. That’s why we encourage our clients to regularly audit us so that we can stay on top of things and ensure you are completely satisfied.
Would you like to find out more?