GDPR – It’s scary isn’t it?

  • Home
  • GDPR – It’s scary isn’t it?
  • 14
    Sep 17

GDPR – It’s scary isn’t it?

Tags : 

scared-peopleYesterday a few associates got around to talking about the General Data Protection Regulation (GDPR) which will become EU (and UK) law in late May 2018. I must admit that I did steer the conversation on to the topic but without exception they all said that they were scared about what was to come with GDPR and how they could comply. The unfortunate myth that consent must be obtained to process personal data was a side topic, but as I discussed recently (as did the Information Commissioner) this is not always the case.

Don’t be scared – plan for it

I can well understand why organisations might be scared as even the Information Commissioner’s Office (ICO) is still to come up with guidelines particularly with regard to obtaining consent and even something as basic as what age a child is (although the GDPR introduces new regulations to safeguard children and their personal data, it fails to specify below what age a person is considered to be a child and leaves that to member states, which could be as low as 12 in at least one state and at least 18 in possibly two others; the UK is yet to decide but the ICO says “probably 13″).

However GDPR should be tackled in the same way as we approach any everyday business project. We do this by implementing the correct administrative procedures for the tasks involved. For GDPR compliance you should:

  • Determine the requirements for your own organisation’s handling of personal data;
  • Determine the requirements for your suppliers handling of personal data which you provide to them;
  • Determine the requirements for the systems you use for collecting processing personal data.

For many organisations, keeping the personal data they handle safe, is nothing new, especially if they already have robust Data Protection Act 1998 procedures in place (you do already have that don’t you?). What is new is that the GDPR requires organisations to document data collection and processing policies and procedures before you go about doing it. Then, it must be possible to show on-going compliance with your own policies and procedures. Not forgetting to determine the lawful basis for doing it as well!

So what should you start to do?

Simplify the process by splitting your route to compliance into manageable stages:

Phase 1 – Identification. You need to define what your organisation’s core activities are. This includes such things as understanding who your data subjects are, where the personal data is collected and stored, who has access to the personal data, and the processes in which the personal data is used?

Phase 2 – Gap Analysis. The results of the identification phase are compared with the requirements set out in the GDPR so that it is clear what gaps your organisation has with regards to complying with the regulation, and so you know what additional procedures you will have to design.

Phase 3 – Privacy Impact Assessments (PIA). A PIA is an assessment tool which identifies the potential effects on your data subjects’ personal privacy and your organisations ability to comply with the GDPR caused by the collection, storage and processing activities you identified in phase 1. And then, most importantly, how detrimental effects can be mitigated. If you are familiar with health and safety risk assessments then this is a similar process. Your PIAs should feed through to your design process so that you are taking a privacy by design approach.

Phase 4 – Contingency Planning. This is an important part of your design process. In cases where a leak of personal data does occur the GDPR contains a new requirement that organisations must inform the relevant authorities. As a minimum you must be able to identify:

  • What types of personal data were leaked?
  • How many data subjects does the leak involve?
  • What are the consequences to those data subjects?
  • What has been done to ensure that this does not happen again?

Phase 5 – Awareness. Ensure that all your staff are familiar with their responsibilities and the procedures you have designed to collect, store and process personal data. To some this will be new, and so time needs to be taken for training.

Phase 6 – Implementation. You should now be ready to collect, store and process personal data in compliance with the GDPR.

Phase 7 – Ongoing Management and Monitoring. It is not just a case of implement and forget! You must be able to show on-going compliance with your own policies and procedures. So in your design process don’t forget to include this.

There is no doubt that complying with the GDPR will involve a lot of work but if you take a staged approach it should not be a headache and it should certainly not be scary come May 2018.

GDPR Preparedness Toolkit Seminar

This 2 hour seminar will help you, as you take your first steps towards compliance by sharing practical insights about implementing a data security based approach in line with the Regulation. You will learn about:

  • Why you have to comply with the GDPR and what might happen if you don’t.
  • The GDPR’s direct effect on your business and the transition timelines.
  • The steps to take in preparing for compliance.
  • The technical and organisational measures your business will need to adopt to comply with the Regulation.
  • A key assessment toolkit you can use to help you to achieve compliance.

The seminar will be held at The Birch Hotel, Heywood with easy access to the M60, M62 and M66 on:

  • Wednesday, 27th September 2017, 14:00 to 16:15SOLD OUT
  • Wednesday, 25th October 2017, 14:00 to 16:15
  • Wednesday, 29th November 2017, 14:00 to 16:15

Standard tickets are £25.00

Early Bird Discount tickets are £15.00 (available only if you book within 14 days of the seminar)

Contact us on 0345 319 4887 to book or book online with Eventbrite.

News Archive

More Information (PDF)

Smarter Technologies Ltd, Unit 1 Broadfield Industrial Estate, Seymour Street, Heywood, OL10 3AJ | Company No.: 07172781 | VAT No.: 794 7491 68

 Request a Quote

What our clients say:
Dave BagleyDave BagleyUrban Outreach (Bolton)
Thanks again for the swift response from Smarter Technologies to our IT needs recently. All is working perfectly.
Jane HaywardJane HaywardYMCA Black Country Group
The service I have received has been excellent, from the initial meeting where the process was explained to managers, right down to coming out to go through SharePoint with me.
Richard BoydRichard BoydRed Flame Marketing
I found the IT support for my small business to be excellent. Everything is clearly explained in non-technical language; prompt service and very affordable. Will be recommending Smarter Technologies to other businesses. (In fact, I already have!).
Sharon HamerSharon HamerThe Housing Link (2003)
Thank you for all your advice, help and support. I would not hesitate to recommend Smarter Technologies.
Bill LeesBill LeesThe Housing Link (2003)
Smarter Technologies make so many complicated things sound clear and understandable in a way that I completely understand.
Lynne SprigingsLynne SprigingsBolton Young Persons Housing Scheme
As a small charity it’s really important for us to have reliable and responsive IT support, which Smarter Technologies supplies.
Tracey PeaceTracey PeaceRamsbottom Kitchen Company
The Smarter Technologies team are like extended members of our staff and always go the extra mile. The team come in early and stay until they finish – they even lock up for us.
Jim GowmanJim GowmanYMCA Black Country Group
Just to say to the Smarter Technologies team, thanks for a very smooth transition into the 21st Century of IT with our upgraded equipment. All aspects of the installation have received positive feedback from day one.
David Lackner-SmithDavid Lackner-SmithThe Sanctuary Trust
It’s great being able to rely on such prompt service from Smarter Technologies, it really gives us peace of mind knowing that our IT support is provided by a team that will go the extra mile.
Andrew JennerAndrew JennerRCD Leaflets
Please pass my thanks on to the team as the whole process from quote to install was unbelievably thorough, efficient and smooth.
Andrew BeeputAndrew BeeputThe Bond Board
Smarter Technologies really understand the pressure charities are under and consider this when making recommendations. They saved us so much money – I can’t put a price on their help. It was invaluable.
Graham EvansGraham EvansThe Housing Link (2003)
We have a tight budget and Smarter Technologies has enabled us to ‘work smarter’ and provide fast assistance to those who need it. It has played an integral role in the success of this charity.
Nikki PriceNikki PriceInstil Bio (UK) Limited
Thank you very much for your help on a Saturday! I can’t tell you how very grateful we are to you for helping us out with this last minute request and doing it so promptly.
Maura JacksonMaura JacksonBackup North West
Smarter Technologies have looked after our IT for well over 10 years. They are fabulous, knowledgeable, hard working, thorough, reliable, good value for money and proactive.
Jim GowmanJim GowmanYMCA Black Country Group
I want to pass on the thanks received today from across all parts of the YMCABC teams about how robust the IT systems have been. We have had to get to grips with remote working and with this pandemic it has come into its own.
prevnext

© 2011-2024 Smarter Technologies Ltd  |  Privacy Statement

%d bloggers like this: