Are you and your business now GDPR compliant?
The General Data Protection Regulation (GDPR) is the new global standard for data privacy rights, security, and compliance. The regulation came into force on 25th May 2018, and you need to ensure your business is GDPR compliant.
GDPR applies to any organisation that processes or holds personal data. It sets out six key principles that such organisations must meet:
- Transparency, fairness, and lawfulness in the handling and use of personal data. You will need to be clear with individuals about how you are using personal data and will also need a “lawful basis” to process that data.
- Limiting the processing of personal data to specified, explicit, and legitimate purposes. You will not be able to re-use or disclose personal data for purposes that are not “compatible” with the purpose for which the data was originally collected.
- Minimising the collection and storage of personal data to that which is adequate and relevant for the intended purpose.
- Ensuring the accuracy of personal data and enabling it to be erased or rectified. You will need to take steps to ensure that the personal data you hold is accurate and can be corrected if errors occur.
- Limiting the storage of personal data. You will need to ensure that you retain personal data only for as long as necessary to achieve the purposes for which the data was collected.
- Ensuring security, integrity, and confidentiality of personal data. Your organisation must take steps to keep personal data secure through technical and organisational security measures.
Currently, your data is probably spread across a wide array of IT environments – personal devices, on-premises servers, cloud services, even devices within the Internet of Things. This means that most of your IT environment could be subject to the requirements of the GDPR.
Contact our IT security experts about your GDPR compliance. We have helped and continue to support lots of businesses across Sussex, Brighton, Kent and London.
Broadly, your progress towards compliance can be broken down into four key steps:
- Discover – identify what personal data you have and where it resides
- Manage – govern how personal data is used and accessed
- Protect – establish security controls to prevent, detect, and respond to vulnerabilities and data breaches
- Report – execute on data requests, report data breaches, and keep required documentation
For each of the steps and the six key principles, we can help guide you through the process and provide you with the tools that can help you address the requirements of that step.
Given how much is involved, you should not wait until GDPR enforcement begins to start your preparation. Contact our Security and Data Protection team to discuss how we can help you on your way to compliance.