The General Data Protection Regulation (GDPR) is coming into force in May 2018 and many businesses haven’t started preparing for the change. There are many service providers out there who are using this opportunity to ‘sell on fear’ and offer their solution as a one-stop shop for complying with GDPR, but it’s not as simple as this.
As part of this scaremongering, many companies are saying that you need to have everything in order before the deadline date or you will face a hefty fine if you are breached. Whilst you should be aware that May 25th is fast approaching, the Information Commissioner’s Office (ICO) have provided guidance saying that, at the very minimum, you need to have a plan in place to show that you are working towards compliance and mitigating the risk of a data breach.
A certified GDPR practitioner can help you with this plan
Implementing an effective ‘journey to compliance’ plan could require significant work and having knowledge and competence is a good start. The ICO have stated that the UK is 30,000 GDPR practitioners short of what they need to get organisations where they need to be by 2018.
Luckily, we have one in house here at Metaphor IT! Ben Smyth is a registered GDPR Practitioner, which means he has knowledge of the Regulation’s requirements and a practical understanding of the methods and tools for implementing an effective compliance framework, including how to fulfil the role of a data protection officer should you need one.
The GDPR Roadmap
Creating a risk register is the first step in planning, as this will help outline all areas of the business that are at risk, as well as what impact each risk has on the business, the likelihood of the risk occurring and the mitigation strategy. From this you will be able to create an actionable list of recommendations that you can then put into a timeline, which will form the basis of your plan. Metaphor IT are providing GDPR workshops which provide the tools and resources needed to fill out a risk register, create a recommendation report and an action plan, which can then be presented to the board.
This new regulation is lengthy and covers more than just using expensive software to protect your business from cyber threats; you also need to think about this from a company-wide perspective, including HR, Finance and Marketing. As every department is involved, some are struggling to know who should take responsibility for this, but ultimately the accountability lies with the company Directors.
Want more information?
View our range of online resources to help with GDPR compliance or contact Ben for some friendly advice or to book in a GDPR Workshop.