Why the fuss?
There have been numerous statements and seminars about GDPR and Data Protection regulation compliance.
Despite the deadline for compliance having passed on 25th May 2018, many companies are still discussing the impact of the new Data Protection regulations on their organisation and wondering what they need to do about it.
It was astounding to see the level of scare tactics being used as a way to persuade organisations to take action.
Let’s be absolutely clear
The window of opportunity for your business to become compliant with GDPR did not close on May 26th, 2018. And the sky didn’t fall in.
Some organisations may have been under the impression that the new regulations did not apply to them. However, if your business, organisation, club or society handles personal data of any kind, there will be aspects of GDPR with which you will need to comply.
In the new Data Protection world, ignorance is no longer bliss, nor will it be an acceptable excuse for non-compliance.
Much noise, little substance
There is still a lot of noise, but less substance or real understanding of the operational challenges that compliance with GDPR can bring to your business.
Data Protection is a business responsibility as well as an IT one. We provide a range of services that bring clarity on the substance and support organisations in becoming compliant.
What does being compliant mean?
Well, you need to be able to demonstrate (as a minimum) the following:
- Staff are trained and aware
- Policies and procedures are in place to handle the new requirements
- Privacy notices are updated and communicated
- Data is defined and mapped for ownership and security
- Consent for the data you have has been given or you have a legitimate reason for collecting it
Without doubt, as a minimum, all organisations now need to:
- Have a clear understanding of where your customer data is residing across your network
- Be operationally ready and able to collect and provide that information within a Subject Access Request (SAR) quickly and efficiently
- Have a justifiable reason for the collection of personal data – customer and employee – or a process in place to obtain consent
If you need help with becoming compliant with GDPR, contact us and we’ll be delighted to help.