Introducing our resident GDPR guru - and more
Hot on the heels of our previous article about the new and scary legislation that is the General Data Protection Regulation (it’s not that scary, but you’ll need to be prepared), we’re pleased to announce our very own Craig Shilling is now a qualified GDPR professional! Having completed the first EU GDPR certification, Craig is now our resident in-house GDPR practitioner. Specifically, he’s attained the rather wordy “ISO 17024-accredited EU GDPR Practitioner” qualification. This means we can offer consultancy and strategic planning to businesses hoping to keep one step ahead of the regulations when they come into force in May 2018, with the credentials to back up our advice.
Well, that didn’t make for a very substantial news article, did it? I suppose we could talk about GDPR some more; there’s plenty more to say on the subject. In fact, a recent survey has been carried out amongst companies across the globe, mainly in industries such as technology and finance. Here are the most pertinent findings from this survey...
Ready... or not?
The majority of survey participants are interested in or at least aware of the GDPR, yet many of them are on shaky foundations when it comes to data protection. For one, many respondents have limited or no knowledge of where exactly data is stored within their systems. Under the GDPR customers will have the right to access their data or have it erased, so knowing the location of that data is a key part of businesses’ compliance strategy.
Even amongst those companies that know where their data is stored, fewer still have a plan to keep track of that data as it moves through their infrastructure. While tools are available to identify and track risks to customer data, the majority of respondents use manual methods, or no tools at all. In short, many of the companies surveyed have an interest in the GDPR and a desire to comply, but very little in the way of an actual compliance plan. They’re certainly not ready for May 2018.
In the driver’s seat
Not every organisation is floundering without a plan. The key drivers towards forming a data protection strategy are complying with legislation (naturally), and enhancing businesses’ privacy and data security policies in general. The GDPR is spurring organisations to tackle the “elephant in the room”, so to speak; data security is something many companies were aware of but had hoped they could sweep under the rug. As far as preparation and planning are concerned, departments from security to legal are involved across businesses, though the lion’s share of the work seems to be falling at the feet of the IT department. Data lives on computers, after all, so it makes sense that the resident tech boffins are tasked with securing information and customer data.
In terms of operational impact, most companies are confident they can adhere to the regulations and thus not suffer from any legal nastiness. The cost of this will be time and effort invested in creating new processes and controls, as well as renewing employee contracts with updated small print regarding data privacy.
On your marks...
So what needs to be done? The short answer is a lot. Fortunately, it’s a process that can be broken down into multiple strategy-friendly steps. First off, your entire business needs to be on board with making changes and implementing new processes; you can’t leave everything to your appointed “GDPR expert” and hope it’ll go away. Personal data passes through pretty much every department in a business, so everyone needs to be involved in keeping it secure.
The best advice we can give is to be vigilant. (Actually, the best advice is to talk to Silver Lining and our resident GDPR guru, but it’s not like we’re trying to plug ourselves or anything.) You’ll need to assess the privacy and security throughout your entire network to ensure it’s airtight. The GDPR is strict on data breaches and harsh on penalties. Think of your business as a carefully engineered machine; any missing pieces or leaky pipes could compromise the entire system and should be fixed up as a matter of urgency. Keeping track of where personal data is stored and used is vital; we recommend getting in touch to find out more about the most efficient way to do this.
Want to know more? Don’t hesitate to get in touch. 0845 313 11 11 is the number; don’t keep us waiting! You can also email us at firstname.lastname@example.org; we’ll aim to get back to you promptly.
Share this on social media:
We support Fusion People with their IT and telecommunications. Watch how they made an annual saving of 40%.
Contact us today for help or advice on your IT & telecoms and receive a FREE Costa!
The player supports TAB to change the controls. Update Required<br/>To play the media you will need to either update your browser to a recent version or update your <a href='http://get.adobe.com/flashplayer/' target='_blank'>Flash plugin</a>.