The General Data Protection Regulation (GDPR) is NOW here
What does this mean for businesses going forward?
The General Data Protection Regulation came into effect on the 25th May 2018.
We discuss what that means for businesses going forward in terms of ongoing GDPR compliance.
RECAP: What is the GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
If you hold and process personal information about your clients, employees or suppliers, you are legally obliged to protect that information.
With personal and sensitive data you must:
- Only collect information that you need for a specific purpose;
- Keep it secure;
- Ensure it is relevant and up to date;
- Only hold as much as you need, and only for as long as you need it; and
- Allow the subject of the information to see it on request.
What businesses should have done to be GDPR compliant
Keith Budden, our GDPR Consultant, recommends a number of things you need to do to become GDPR compliant:
- Map your business’s data. What personal data do you have? Who has access to it? Where is it stored?
- Determine what data you need to keep. Only keep data that you need to keep.
- Put security measures in place. Does your website have an SSL certificate? Is your data encrypted?
- Establish procedures for handling personal data: everything from collection and storage to rectification and removal.
What happens after everything is in place?
GDPR compliance is not a one-off activity. Once all of the above is in place, it is important to ensure these measures are enforced and kept up to date. Here are some example tasks that should be done on a regular basis:
- Ensure all customer data is properly maintained. Records need to be kept on all personal data – where it came from and who it is shared with.
- Ensure new employees are aware of your GDPR policies and procedures (including staff awareness training).
- Deal with SARs (Subject Access Requests) as and when they come through, ensuring they are handled within 30 days of receipt.
- Ensure due diligence is carried out on new suppliers (third parties) that will process your personal data.
- Address privacy and security risks and ensure your processes are fit for purpose.
- Data Breach and Incident management
- Data Protection Impact Assessments
- Continuous Security Testing
There is certainly a lot to do, however this is where the GDPR Tracker can help…
Keith has worked with over 80 clients, including British Airways, the Metropolitan Police, the Ministry of Defence and the Serious Organised Crime Agency (SOCA). He also holds a number of high-profile roles, including being a board member of an NHS Clinical Commissioning Group.
There are few professionals with his length and depth of experience, and he now offers that experience to the business world to help businesses implement the GDPR.
Stay Compliant with the GDPR Tracker
The GDPR Tracker is an online tool that guides you through the items that need to be considered under the new General Data Protection Regulation and helps ensure you stay compliant.
Once inside, you’ll see that the system is straightforward. All aspects of the GDPR are covered and split into sections. You work through each section, answering questions about your business.
Progress gets tracked so you know how much more you need to work through before you are compliant.
Details of the actual regulation are right there in the system, so there is no going back and forth between websites to find a part of the policy.
At the end you can download everything to a PDF document which can be shared with anyone who needs to see how you comply (e.g. customers, regulators).
Once completed, the GDPR Tracker acts as a live repository of the steps you’ve taken to be GDPR compliant. It’s important to keep this up to date (as and when your business changes, or when the GDPR changes).
You will get everything you need to get GDPR compliant:
- Step-by-step guide on how to document your data flows, internally and externally to your business
- A guide to what data your business needs to keep and for how long, ensuring the correct procedures are in place.
- Instructions on what security measures you can put in place to ensure the digital and physical data you hold is secure.
- Instructions on what you can and can’t do with data throughout your business. This will keep you on the right side of the law.
And how to stay GDPR compliant:
- Task management for ongoing GDPR compliance
- SAR management and workflow
- Risk management
- Breach management
- DPIA management and workflow
- And more.
When you buy the GDPR Tracker you’ll also get access to a private support group on Facebook with GDPR consultants on hand to answer all your questions.
That service alone is worth more than the price of the software.
The GDPR Tracker will get you GDPR compliant and enable you to stay compliant:
- Without expensive lawyers
- Without the stress and headaches from not knowing what to do and where to start
- With the support of our GDPR consultants
And you will avoid the huge fines for non-compliance and keep your business running smoothly.
Manage ongoing GDPR compliance with the GDPR Tracker
If you were to go out and put this package together for yourself it would cost well over £1,000 (without even thinking about developing the software).
All the policy documents would cost in excess of £500 and GDPR consultants charge more than £100 per hour.
By using the GDPR Tracker to become compliant you’ll save hours (you know your business better than anyone else) and save a small fortune compared with using a GDPR consultancy to do it for you.