General Data Protection Regulations For Business Leaders
The biggest vulnerability in any business is its employees, followed by IT, then the business processes and procedures. Although technology can help block 95% of all malicious emails and web links, the 5% that get through can do a lot of damage. This is where we come in.
First of all, don't panic. Then read through this summary:
1) What is GDPR:
A tough new personal data law comes into effect on 28th May 2018. It is designed to give individuals better control of their personal data, with the potential for large fines for compliance and/or data breach failures.
2) What does it mean to my business:
You need to be able to demonstrate you have the controls, processes and procedures around the following areas:
3) Do I need a DPO:
You may need a DPO if your core activities involve special categories of data (see GDPR Article 9(1)) or you manage large amounts of personal data.
If you do not need a DPO, you may still need to make sure you have a good Data Policy addressing all the points above. Think of it as a spring clean of your data, which could allow you to turn this new data focus into an opportunity for your business!
It's important to make sure there is clear and open communication between all key business sponsors, such as HR, Finance and Legal, with the full support of the board.
"When you consider that employees are 6x more likely to open a phishing email than a marketing email, you can understand why it's important to make sure your Data/Cyber Protection message and training is as simple and uncomplicated as possible."
If you're concerned about what GDPR means to you, I would be happy to have a brief call with you to cover the basics.
Contact us on 023 92 482556
3 examples of data security policies from Sophos to give you an idea of what’s involved: Sample Data Security Policies.