Despite a lot of the fanfare and marketing hype, it is not too late to get started on General Data Protection Regulation (GDPR) processes and policies. Here we highlight some excellent resources to help you.
GDPR is similar to the Data Protection Act, which has been in place in the UK since the 1980s. The GDPR, driven by the European Union (EU), will strengthen, update and supersede the Data Protection Act on the 25th of May 2018. Even with Brexit, the UK will still need to abide by these rules.
Your business might already have some of the following, which you can use to formulate a company GDPR policy or extend to cover GDPR.
- Staff handbook
- IT policies covering security and data
- Disaster Recovery Plan
- Operating procedures
- Also, see IT Services to help with your GDPR preparations
One of the first places to start is the 11-page PDF from the Information Commissioner’s Office. The guide will give you an excellent summary of the regulation.
Carry out a data audit
Think about the information and data in your business. Ask yourself the following questions:
- Where do you keep company data?
- What type of data is recorded?
- How is data captured?
- How is it transmitted to 3rd parties?
- How long do you keep data (the retention policy)?
- How is company data secured?
Are you a data controller or a data processor?
Example scenario – You outsource your company payroll to another company. They will need personal employee data to pay your staff wages. Your organisation is the data controller of this personal information, and the outsourced payroll company is a data processor. You control the data; it belongs to your organisation or, should we say, you are guardians of that personal data. The outsourced payroll company is simply processing that data on your behalf.
Software vendors and Cloud Service Providers
Many popular cloud providers and software vendors have dedicated sites outlining how their services can be made GDPR compliant. Some provide auditing tools to help you with implementing GDPR procedures, such as centralised search, data retention policies and deletion of data.
- GDPR checklist for data controllers and processors
- GDPR Checklist – Norton Rose Fulbright
- Checklist for tasks needed in order to comply with GDPR
- DMA – GDPR Checklist
HPE overview in less than 90 seconds
Microsoft Office 365 and GDPR
Understanding GDPR and the tools in Office 365 and beyond to help meet its requirements
Disclaimer: The information on this site is for your general guidance only and is not and shall not constitute legal advice. If you need information on your rights and responsibilities around data protection matters, please obtain specific legal guidance and contact an adviser or solicitor.
If you would like to learn more about GDPR, security and data compliance, then please contact David or Jamie on 0330 058 1701 or email firstname.lastname@example.org