There are less than 30 days until GDPR replaces the Data Protection Act 1998 as law in UK. Little wonder then, that the new data directive is making headlines.
GDPR will control how data is obtained, processed and used by organisations across the EU (and those businesses that sell products or services into the EU). It is designed to protect the rights and privacy of data subjects (any EU citizen that an organisation holds data about).
If your organisation hasn't started thinking about GDPR yet, don't panic; but do act as soon as you can. Now is always a good time to evaluate your data security procedures. Organisations can also continue putting measures in place after the GDPR effective date (25th May 2018) - you don't have to have it all 'boxed off' right away. And, there are some surprisingly simple first steps you can take to put you on the path to compliance...
With the GDPR clock ticking you may be keen to dive straight into reviewing your data security procedures. However, there are some things to consider before launching into compliance tasks, including:
Taking some time to plan before you start GDPR tasks can make the process less overwhelming. Once you have established who in company GDPR might involve, and its potential impact on your organisation, it's time to take the first steps...
GDPR is a company-wide responsibility and every staff member can help your organisation comply. Make sure your teams know that GDPR is coming into force, that financial penalties may be imposed on companies that don't comply and that everyone can play a part in avoiding this. Employees need to understand how important data protection is and know that they can help your organisation achieve compliance.
Not all companies are obliged to have a Data Protection Officer, but depending on the nature of your organisation this may be a legal requirement. In any case, it is a great idea and good practice to assign data protection duties to a specific person. This may be a completely new role in your organisation or you may already have a DPO in your team. Whoever takes on these duties, they must have a deep understanding of GDPR and data protection laws. Having a nominated DPO also gives other employees a go-to resource for any GDPR-related questions they may have.
Once you have communicated to staff the importance of GDPR, it's time to perform a data audit. A data audit and review of your current data security processes is a vital step on the road to GDPR compliance. Key questions to ask include:
Under GDPR, all data subjects have certain rights regarding the use of their data. These rights will guide everything you do around data, so you should ensure all staff are familiar with them. You can view the rights of data subjects and how this might affect the way your handle data, on the ICO website.
Complying with GDPR may seem daunting, but organisations can make it easier for themselves in a couple of ways. The first, is to employ an expert organisation to perform an assessment, known as a gap analysis. This will identify areas in your organisation that aren't compliant with GDPR and need some attention. The second, is to use a cloud hosting solution from a global provider to store your data, such as Microsoft Office 365. Office 365 has GDPR-compliant measures in place that meet its security and threat protection requirements. Using cloud hosting means your data has the very best security and protection available, and you don't have to do a thing. Plus, using cloud-based solutions as part of a wider IT Managed Services means your software will be continuously updated by your provider.
Core can provide your business with either or both of these options. We can perform a GDPR assessment in your workplace, with no obligation to sign up for any further services after the assessment. Or, if you would like to talk to us about Managed Services and a cloud-based data solution, you can contact us here.
Core has also created a checklist and guide to GDPR to help organisations establish their current level of compliancy, and the steps they still need to take to become compliant. Click the link below to download your free copy: