The EU's General Data Protection Regulation (GDPR) was implemented by the EU Council and Parliament in April 2016 and was enforced in the UK on 25th May 2018.
GDPR has probably been on your radar. If you've been ignoring it, think again!
Rapidly developing technology like cloud storage and common IT Security weaknesses have led to repeated exposure of sensitive data. GDPR is the response, a much stronger protection than the previous Data Protection Act of 1998 (DPA). Compliance is mandatory.
Regulations that have power over everyone in business are rare, but GDPR has it in a big way.
As of May 25th, 2018, if your company is found to be in breach of GDPR, the Information Commissioner’s Office (ICO) could fine you £20 million or 4% of annual global turnover, whichever is greater.
Can you afford to keep ignoring it?
Where to Start?
As GDPR is so sweeping, covering data protection, information security and risk management, we recommend the starting point should be a Gap Analysis that assesses these three areas and identifies where your company’s GDPR susceptibilities lie.
You will need to put in time, effort and resources, which will enable you to make good decisions and adapt to GDPR requirements successfully.
As a result of the Gap Analysis, you would need to enact a programme of change, setting up new processes, recording and documenting them, assigning new duties and obtaining new tools for the automation of as many tasks as possible. A key part of this implementation will be staff awareness and retention of what they can and can’t do under any new systems.
Get your Gap Analysis and implementation wrong and you could be focusing on the wrong things, as well as leaving yourself open to a fine. The ICO is determined to see that businesses develop a culture of privacy and respect for sensitive data. Clearly, following your GDPR obligations correctly is important – and we’re here to help!
What can delron IT do for you?
We can build a programme tailored to your business and security needs. Allow us to take care of your GDPR anxieties by providing the following services:
- Gap Analysis: This audit looks at your existing policies, documentation, the personal data you hold, and your permissions procedure for gathering new data, before we create an action plan to move your company towards GDPR compliance.
- Infrastructure Audit: We have the expertise to carry out a complete professional Infrastructure Audit, reviewing your internet/hardware/software and running a comprehensive Vulnerability Scan of your entire infrastructure.
- Staff Awareness Training: This can be one-on-one coaching, classroom training or an online GDPR Staff Awareness course to educate your staff on their legal responsibilities, dependent on your requirements.