Data Protection Compliance
Update your organisation’s Data Protection regime
GDPR is a new law that protects EU citizens’ personal data. Businesses, charities, sole traders, start-ups – any operation holding personal data or offering services or goods to people or businesses in the EU is required to comply. The UK government has enacted the Data Protection Act 2018, a similar law that applies after Brexit.
Businesses that hold personal data – both data processors and data controllers – will be held responsible for the proper handling of data. Information stored in the “cloud” is still subject to the law.
Data must be kept securely, and permission is needed from the citizen to keep any personal data, or to use it in any way.
Businesses will need to prove that they follow GDPR: they will need data protection policies, privacy impact assessments and relevant documentation of how data is processed, or they may be subject to fines.
Our five-step approach to help you comply with GDPR includes considerations for improving information security across your organisation. This should not be a box-ticking exercise – it is an opportunity to
- ensure that your data protection regime conforms with the legislation, and
- increase your resilience against security breaches.
Understand your organisation and create the governance framework for how data protection is going to be managed and the direction for data protection compliance.
Our experts provide guidance to ensure that you have an appropriate data protection governance framework in place. We expect to work alongside you, providing knowledge transfer throughout the project.
Conformance to GDPR requires that organisations ensure their policies are in line with the new requirements. Documenting current or improved practice is a good way to ensure that everyone understands what they have to do.
Our experts will help you update policies and formulate any required improvement plans.
There are a number of processes that you need to define. For example:
- Privacy Impact Assessments – know the risks associated with processing
- Subject Access Requests – respond efficiently when a data subject exercises their rights
- Breach Management – keep a log of all breaches and notify the ICO within 72 hours of discovery
- Manage Suppliers – exercise due diligence when selecting suppliers, ensure contracts contain the necessary terms, and audit them regularly
- Audit – confirm that the organisation is compliant with its policies
Our experts help you define processes appropriate to your organisation’s size and risk appetite.
Your people are key to running a successful, compliant business. Organisations need to ensure that they have the right processes in place during recruitment, that everyone is aware of their accountabilities for managing clients’ personal data, and that they follow the policies and processes you have in place.
Our experts can help you create and deliver an appropriate training and awareness plan to keep your staff up to date.
As part of getting ready for GDPR, most organisations will need to complete an exercise to ensure that their management of personal data is compliant with the new legislation.
Most organisations will need to complete activities to
- understand what personal data they hold
- document the processing they carry out on that data
- review the privacy notices that are given to individuals when they part with their personal data
- review contracts with suppliers and in some cases customers
- review the protections of both paper and electronic data stores
Our experts can help you shape the mapping exercise and assist in its completion.
By understanding your data protection obligations, and how personal data is stored and processed throughout your organisation, you will find many benefits, including:
- Much better mitigation of the confidentiality risks to this data
- An increase in your organisation’s operational resilience to threats
- Confidence that data processing is compliant with GDPR and your obligations are met
- The knowledge that information security efforts are aligned with strategic business objectives
- Avoidance of hefty fines
Whitgift Security will tailor our five-step process to the size, type and complexity of your organisation. We can be flexible about the amount of advice we give you – whether you simply need some direction, or need hand-holding throughout the project.
Get your organisation GDPR compliant with Whitgift Security