No matter the size of your business, you need to ensure that you have the correct processes and policies in place.
IT is a huge contributor to ensuring your business remains compliant.
A business has to consider its external suppliers carefully: if you use some form of Cloud Service, ensure that it is based in the EU and abides by GDPR, or, if it is not based in an EU country, that you have a Binding Corporate Rule (BCR) in place ensuring they work to the same rules and principles as GDPR. A business must also have policies in place to ensure that everything possible is done to limit the chance of a Data Breach.
80% of breaches are through human error and 20% are through an external attack.
You need to make sure your IT policy is sufficient to address:
- Who has access to Personally Identifiable Information (PII) (staff, suppliers, etc.)
- Who can alter and update PII
- Where PII is held within your business (downloaded spreadsheets, mobile phones, remote hard drives, servers, etc.)
- Where and how your PII is stored (in the cloud, all in one place)
- How regularly the data is backed up, and the processes involved in the backup
- Whether you use a third party / Processor and, if so, whether you have clearly stated what that Processor can and cannot do
This is not a definitive list and will vary heavily depending on the size and purpose of your business. We are here to help.
GDPR is daunting, but with the right awareness and processes in place we can ensure a smooth transition to compliance.
Data Protection Officer
We are here to help you become compliant with GDPR and avoid hefty fines from the Supervisory Authority (ICO) as well as private lawsuits. We help by:
- Monitoring compliance
- Providing information and advice
- Liaising with the Supervisory Authority (the ICO for the UK)
- Working with the highest level of management as well as Data Controllers and Processors
- Helping clients manage risk through Data Protection Impact Assessments (DPIAs)
- Helping design and implement corporate policy to ensure compliance with GDPR
- Offering corporate awareness training
- Providing advice where requested
- Cooperating and acting as a contact point with the ICO on your behalf
- Speaking to Data Subjects on your behalf if there is ever an issue with a Data Breach