01223 834844 / 01279 261262
Computers, IT and Cabling
8 The Mill, Copley Hill Business Park,
Cambridge, CB22 3GN
Copyright © All rights reserved 2017 -
IT Support Cambridge
As the deadline for the General Data Protection Regulation (GDPR) gets closer, many organisations
are having to answer questions about their own setup and security.
Some of this will be quite straight forward as you already do the correct things and have it
documented, some will require a little more effort as you probably are almost there and just need
to formalise a few things, but others will look like staring into the abyss.
Firstly it is important to understand that the GDPR is there to ensure that any organisation that
has your data treats it correctly and in line with any agreement you have with them, so it follows that your company should do the same to your clients. The GDPR will be enforced from 25th May 2018.
To help you do what is needed there are a number of online resources, and if you are members of trade bodies and federations they will also be there to help you. But whoever you use to assist you there are some basics that you should think about that can really help simplify things, such as:
Are you keeping data on clients that you don’t need – you should not be doing this, just because you can collect and retain information does not mean you need or can justify having it. Also why spend time and money on protecting data that is not needed.
Is your data up to date, you are responsible for making sure that the information you have is correct, but in any case what use is information that is not current.
Do you have permission to use the information you have, you may have collected client data for one purpose, but that does not mean you can use it as you like – you need permission to do this.
If you have stripped away the information you don’t need, and that which you do not have permission to use or is not up to date you will probably have less to protect.
Given that most of us store data about our clients somewhere in our IT system, that is probably the area that will require most of your efforts to be compliant.
Also it is the failure to protect client’s data that brings the biggest headlines, target hacks and data breaches or memory sticks left on trains; the fines and penalties for this are going to be much higher under the GDPR.
All this can sound alarming but there are straight forward solutions, from encrypting data and controlling
who can access it, to having the policies in place to allow effective control. Whilst the requirements of each
organisation will vary, that does not need to mean that it will be expensive or complex.
The first steps are to assess what you already have in place, document it and work out where you fall
short, then put a plan in place to address those areas.
Use the resources you already have access to, so for your IT it can be your support company -
keep costs down and make the job easier.