Five tips for GDPR
GDPR (General Data Protection Regulation) will replace the current European Union Data Protection Directive on 25 May 2018 and must be followed by all EU member states – including the United Kingdom.
GDPR is designed to protect personal data, give individuals control over how companies use information relevant to them and make sure organisations process, store and destroy the data they have in a secure and safe way.
You can read our previous article on the subject here.
Here are five tips for organisations getting ready for GDPR to take effect. Whilst it’s easy to keep GDPR out of sight and out of mind, it’s not recommended. Fines for data breaches are massive – up to 20 million euros or 4% of an organisation’s turnover, whichever is bigger. Now is the time to get your organisation ready for GDPR, especially as UK businesses will still have to comply with GDPR after the UK leaves the EU in 2019.
Do you need the data you are storing? Document the data you are storing and the reasons for storing it.
Along the same lines, it may be worth just getting rid of historical data you no longer need. The less data you have, the less you have to worry about.
Make GDPR part of your day-to-day routine. It’s not going anywhere, so you should get in the habit of thinking about it every time you deal with data. Are you allowed to use the data? Do you really need it? These are questions that you should be asking yourself.
You need to have distinct policies in place in the event of a data breach – how to identify one, how to fix it and how to notify all those affected by it.
Communicate with others in your organisation to make sure that everyone is aware of the new expectations and what to do. Not everyone is going to be aware of GDPR and may need advice in preparation for it.
This is just the tip of the iceberg, so don’t leave getting ready for GDPR until the last minute. Save yourself a lot of trouble and get started today.
How Do I Get Cyber Essentials?
Certification with Cyber Essentials can be started today. You can download our Scheme Summary which will provide you with background about the scheme, the scope of the assessment, assurance framework and the next steps to becoming certified.
Certification to the Government’s Cyber Essentials Scheme is a mandatory requirement for organisations wishing to win business with the MOD. It can also help your organisation on its way to being prepared for GDPR and help it prepare for and defend itself against malicious cyber attacks.