Don’t hire a GDPR Blagger!

Is it just me, or does every IT company seem to be an expert on the General Data Protection Regulation now!? All I seem to see is advice on how to get my business to be GDPR compliant. The problem is, a lot of what I see could be seen as scaremongering and untruths. We have written an article on the common GDPR misconceptions that we hear when talking to our clients.

The problem is that there are a lot of over-engineered solutions which a lot of businesses don’t actually need, as long as they have a good standard of cyber awareness and data protection. The General Data Protection Regulation is mainly about policies, processes and procedures; technology can be used to assist in complying with some of the articles within the regulation.

Firstly, there is some very good information available from the Information Commissioner’s Office, and this should be your first port of call. We have also collated some GDPR Compliance Resources here.

The ICO have published a guide on the 12 steps to take now to prepare yourself for the General Data Protection Regulation.

Secondly, seek expert advice from qualified people, such as Ben Smyth, who is a certified GDPR Practitioner. Such practitioners have been on appropriate accredited courses and can help you fully understand what you need to do. You can check if someone is a registered practitioner by visiting the GSAQ website.

The next step is creating a gap analysis of where you are now in terms of compliance (if you conform to the current Data Protection Act then you are in a good place) and where you need to be by May 2018. From here you can work out what needs doing by when and start prioritising tasks. A lot of GDPR is about understanding the risks of where data could be compromised and how you can mitigate those risks. Yes, technology will help, but there is no such thing as GDPR-compliant software or platforms, so don’t get sucked into the marketing. Most of GDPR is about documentation and process, and this is where your time should be spent.

The team at Metaphor IT can complete a GDPR readiness assessment that may be useful to your business. If you would like to use this tool as a starting place, then please do contact us, or you can check out our resources below for extra information on the General Data Protection Regulation.