GDPR How to Start
What you need to be doing NOW…
So you've decided to do something about GDPR, or you need to work out where to start. Below are some basic tips to help you keep in control. They outline where to start, which is the point many companies are struggling with. We will follow on later in more detail about how to continue the process ready for the 25th May 2018.
To help with your GDPR journey, keep in mind the 3 x P's to keep you on track and appropriate.
The Starting Point
Consider and Review
Review the data that you have. In most companies we audit there is a high percentage of redundant data, and people are often surprised where data has spread to. Consider the ways in which you are processing personal data and the systems you are using, and understand what the risk is. With the rise in cloud services, many companies have CRM and mailshot systems that are outside of the UK and EU. These need to be reviewed, and the policies on the transfer of data considered, to ensure that the legal requirements are met.
Review how you are protecting data and if your systems are adequate to do this.
What level of security awareness do they have, and has their training been scheduled to keep them up to speed?
What processes do you have already and how do they need to change?
Document all GDPR processes and procedures so you can demonstrate GDPR readiness. This includes having policies and procedures that say how you will deal with data and how the owners of that data can request access.
Do you have a requirement for a Data Protection Officer (DPO)? Have you considered the risks to the data that you hold?
Complete a risk assessment, create any Data Privacy Impact Assessments (DPIAs) needed, and start considering privacy by design, which means making privacy a fundamental part of your business as usual.
Look at technologies that take an appropriate layered protection approach and help you monitor, maintain, track and recover from cyber-attacks and data breaches. There are some basic technologies that all businesses need to ensure that the level of protection is adequate and systems are up to date. GDPR is vague in how it defines this, but in essence you need to ensure the systems are protected by current methods.
If you would like to speak to us about any of the points above and how they would fit in with your business, please feel free to contact us on 023 92 482556.