Everyone will be aware of the new set of Data Protection Rules (GDPR) that came into force on 25 May 2018.
Much has been made of certain aspects of this. Large fines were threatened. Many variations of how you cannot email your contacts were given. Lots of templates were offered whether needed or not.
All businesses need:
- Careful analysis of their legal obligations under Data Protection laws and of the risks from the growing problem of cyber-crime
- Correct procedures for compliance and protection
- Essential documents and advice on how to apply the rules
- Training to ensure staff compliance with all rules and policies
The Reality
- Many businesses are not compliant and believe that, because no one has banged on the door, it does not matter. Cybercrime is the fastest growing crime and a data breach is increasingly likely. Do you want to have to report it to the ICO and the data subject and tell them that you have nothing in place?
- A majority of businesses that suffer a major data breach go out of business, not because of the ICO and fines but because of reputational damage. Would you trust someone who lost your data?
- Many businesses believe that taking a document off the internet and putting it on the website makes them compliant. It does not unless you understand it, comply with it and put all the necessary procedures in place.
- The ICO is seeking a serious effort to comply, even from the small business. The issues have not gone away.
- Fines are proportionate to the size of the business. Higher standards are expected from businesses with more resources. However, basic compliance is expected from all businesses.
- Many tenders, such as those with councils, now require compliance with Cyber Essentials. We can help with registration.
The Need
- To map out in a report what data the business holds and what is done with it. It is not as obvious as you think.
- Decide how to deal with data at each stage to comply with the new rules and what training staff need.
- Understand what strands are involved in compliance for your business.
- Put all procedures in place for future compliance.
- Understand the damage and risks of your procedures and minimise these.
How is this Done
- Do an initial assessment of what is needed for Compliance.
- Draft the documentation actually needed.
- Organise physical compliance.
- Organise IT compliance.
- Train any staff. We have a range of Training Packages.
- Monitor ongoing issues.
- Advise on Cyber Essentials and arrange registration if needed.
Current Data Protection law, including GDPR, involves a change in mindset as to how a business deals with the data it holds. It requires some care and the correct procedures to be put in place. It is less frightening but subtler than much of the publicity around in May 2018 would have anyone believe.
Data Protection Officer
We also offer a Data Protection Officer Service for any business. You may not have the time to ensure ongoing compliance, or may not want to take on the risk, as it requires a good understanding of what is required.