What is GDPR?
The new GDPR (General Data Protection Regulation) comes into effect in May 2018, so there is not long left to ensure your organisation is compliant. It is an update to the Data Protection Act of 1998, which was implemented before the dawn of social media, the expansion of broadband and the wide usage of smartphones, and so had become rather outdated. The GDPR is being implemented to protect everyone’s personally identifiable information (PII). It’s there to help all of us, but it does mean putting in sufficient effort to make sure you comply and are never responsible for leaking sensitive data.
What could happen if you don’t comply?
If you hold any PII data at all but don’t comply with the GDPR, or if data is leaked from your organisation, the ICO (Information Commissioner’s Office) could enforce hefty fines upon you. Although the regulations go far beyond just data that is stored on IT systems, a lot of any organisation’s data is likely to be stored and accessed on the computer network and other attached devices, so compliance from an IT perspective is crucial.
How can you prepare for GDPR?
Some key elements include:
- Being able to demonstrate that you know where all PII data is stored within your organisation and understand the risks
- Being able to supply any individual with all PII data that refers to them if they request it
- Being able to delete any individual’s PII data off all your systems if they request it
- Being able to delete all PII data that you no longer need/use
- Making sure you are doing everything necessary to prevent unauthorised access to this data and prevent data leaks – review your controls
- Ensuring staff understand GDPR and are suitably trained
- Considering cyber insurance
How Qdos can help you to become compliant
The first step (and one of the most important!) is to identify where the personally identifiable information that you hold is located. We can help by running a thorough audit on your IT network and connected devices used by staff. We will then create a report to show you where this information is stored as well as who has access to it. Using this information, we will then provide you with recommendations to help shape your data protection policies towards compliance. This might involve taking actions such as encrypting data as it is stored, locking down access to only those who really need it, or removing old data that you no longer need to keep. Once the audit is in place we can help you plan for what’s involved next to help you become compliant and avoid heavy fines.
Whilst the process of becoming compliant is not technically difficult, it can be a time-consuming exercise, so it’s important to start sooner rather than later. Speak to us now to arrange an audit.