On May 25th 2018 the General Data Protection Regulation (GDPR) replaces the 1998 Data Protection Act as the legislation around the protection of personal data. Is your business ready for the change?
The risk of non-compliance is very significant (fines of up to 4% of annual turnover). Greenlight can quickly help your business understand how ready you are and guide you to achieve compliance.
Greenlight Computers GDPR Consultancy
The Information Commissioner’s Office (ICO) has confirmed GDPR legislation is coming to the UK even with BREXIT, so we all need to make our business compliant.
The Greenlight team can assist your business in getting GDPR ready by simplifying the process, defining the data architecture & workflows and establishing new policies and procedures.
At the top level, you will need to define where your business operates as a data controller and where it operates as a data processor. Your data is then treated in two broad categories, Sensitive Personal Data and Ordinary Personal Data; each type of data has a series of lawful compliance tests that must be satisfied.
7 key steps to achieve GDPR compliance
- Complete a Data Audit – if you don’t know what you have you can’t achieve compliance. Map your data and identify weaknesses on a risk register.
- Review your Data Architecture – design a data architecture that isolates your Sensitive Personal Data, making it easier to manage compliance. Only hold what you need to hold, and carefully define where it is held and who can access it.
- Review Responsibilities – check that all those who have access to your personal data know their responsibilities & that these are documented.
- Data Protection Officer (DPO) – appoint a DPO for your business who can monitor your compliance & interact with the ICO should that ever be required. This could be an external consultant on a shared basis or an internal staff member.
- Staff Training – establish an awareness & compliance training schedule for those in your business who have access to or use personal data within their role.
- Privacy Impact Assessments – be prepared for the worst and establish a procedure to minimise the risk and impact of data breaches. You are expected to put in place comprehensive but proportionate governance measures. Good practice tools that the ICO has championed for a long time, such as privacy impact assessments and privacy by design, are now legally required in certain circumstances.
- Cyber Security – build GDPR compliance into your overall cyber security governance plan & review schedules. Updating your cyber security risk register on a regular basis will minimise risk for your business.
The more personal data your business handles, the more accountable you are for managing it well. GDPR compliance gives you a framework to follow for the protection of the business and of the individuals whose data you hold.
If you think the Greenlight team can complement your internal team in becoming GDPR compliant, please contact us.
If you want to dig deeper into your responsibilities, the ICO website is the key place for all the latest information.