Is it just me or does every IT company seem to be an expert on the General Data Protection Regulation now!? All I seem to see is advice on how to get my business to be GDPR compliant. The problem is, a lot of what I see could be seen as scaremongering and untruths. We have written an article on the common GDPR misconceptions that we hear when talking to our clients.
The problem is that there are a lot of over-engineered solutions which a lot of businesses don’t actually need as long as they have a good standard of cyber awareness and data protection. The General Data Protection Regulation is mainly about policies, processes and procedures, and technology can be used to assist in complying with some of the articles within the regulation.
Firstly, there is some very good information available from the Information Commissioner’s Office and this should be your first call. We have also collated some GDPR Compliance Resources here.
The ICO have published a guide on the 12 steps to take now to prepare yourself for the General Data Protection Regulation.
The next step is creating a gap analysis of where you are now in terms of compliance (if you conform to the current Data Protection Act then you are in a good place) and where you need to be by May 2018. From here you can work out what needs doing by when and start prioritising tasks. A lot of GDPR is about understanding risks of where data could be compromised and how you can mitigate those risks. Yes, technology will help but there is no such thing as GDPR compliant software or platforms so don’t get sucked into the marketing. Most of GDPR is about documentation and process and this is where your time should be spent.
The team at Metaphor IT can complete a GDPR readiness assessment that may be useful to your business. If you would like to use this tool as a starting place then please do contact us or you can check out our resources below for extra information on the General Data Protection Regulation.