Getting GDPR Ready
The new EU General Data Protection Regulation (GDPR) is the most significant change to European data protection law in decades. But GDPR is not just a problem for your IT department.
It is an issue for the whole business, because the GDPR requires organisations to respect and protect personal data – no matter where it is sent, processed or stored.
Our approach to GDPR is that IT is not solely responsible. Technology and IT support compliance with the GDPR legislation. However, all departments and staff have a part to play, from board level to HR to IT Support teams.
Is your business ready for GDPR?
What data does GDPR apply to?
- Personal Data
- HR Records
- Customer Lists
- Contact Details
- Sensitive Personal Data
- Personally Identifiable Data
Key Questions To Get You GDPR Ready
Where is your data?
You will need to know what personal data you hold, where it came from and who you share it with.
What rights do data subjects have?
Determine what policies and procedures you have in place to deal with data subjects’ rights, and update them so that they address and comply with the new guidelines. Privacy notices need to be regularly reviewed to ensure they cover all types of data collected and all uses of that data.
Do you need a Data Protection Officer?
It will be mandatory for public authorities and private organisations of over 250 users that monitor individuals or process data on a large scale to appoint a data protection officer (DPO). The controller is responsible for telling other organisations (for instance, Google) to delete any links to copies of that data, as well as the copies themselves.
Can you deal with a data breach?
Implement a data breach response plan so individuals within the business know what to do, who to report to and when. Your data controller will have 72 hours to notify a person of any breach.
What is your role?
Determine whether your business is a data controller or processor and become familiar with the new legal requirements.
Are you aware of the right to be forgotten?
Individuals have the right to demand that their data is deleted if it's no longer necessary to the purpose for which it was collected. This is known as the 'right to be forgotten'. Under this rule, they can also demand that their data is erased if they've withdrawn their consent for their data to be collected, or object to the way it is being processed.
How we can help
There is a tendency to hear GDPR and think it’s just an IT problem and that it’s all to do with security of systems with hackers breaking in and stealing your organisation’s data. However, it extends wider than systems and security.
Internal policies and procedures will be critical to demonstrating compliance in key areas such as risk assessment, implementing privacy by design and data breach notification processes. That is not to say there aren’t technical considerations. New requirements and an individual's rights such as the right to be forgotten, as well as enhanced audit trails, will mean technological changes for local businesses.
GDPR Readiness Assessment
We have compiled a GDPR readiness assessment that will ask your business the key questions and spot any holes that need to be filled in order for your business to be GDPR compliant.
Our experienced and accredited security professionals will consult and advise you on the technologies and solutions needed to ensure you adhere to the criteria.
Solid data and network security are at the heart of GDPR. Blue Logic's security experts can provide your business with the analysis, auditing and consultation services to guide your business throughout the process of Cyber Essentials certification.
Contact Blue Logic today to start the process of becoming GDPR compliant and Cyber Essentials accredited. Call us on 0333 200 59 50 or complete an enquiry form and we will be in touch.