Contact us at gdpr@bc-group.co.uk for more details .
How do you become GDPR ready?
The definition of personal data has been extended and includes anything that could be used to identify an individual. This includes, for example, genetic data and even IP addresses.
The GDPR will be more robust in its protection of data than anything we have previously seen and businesses will be more accountable.
To become GDPR ready, there are three areas of your business you need to address:
- IT Systems and security – making them secure against malicious attacks and un-authorised access
- Policies & Procedures. Ensure they are up to date and relevant
- Implement new GDPR processes.
Certification to Cyber Essentials is a great first step. Cyber Essentials is a Government-backed, industry supported scheme to help organisations protect themselves against common online threats. It can already mitigate ICO fines if a company suffers a breach. Cyber Essentials certification is evidence that you have carried out basic steps towards protecting your business and your data from internet based cyberattacks.
There are a number of Cyber Essentials Accreditation bodies, however BC technologies chose IASME as they are unique in the fact that they offer the only assessment that can help you become GDPR ready.
You will need to take advice from your trusted advisors in the areas of Legal, HR, Marketing, Insurance and IT.
GDPR readiness will require more than just the Cyber-Essentials basic technical controls. By certifying to the IASME governance standard including the specific GDPR questions, you show your organisation has a wider governance system for management of the controls protecting personal data. The IASME governance standard adds a number of topics to Cyber Essentials which will be required for GDPR compliance, such as assessing business risks, training staff, dealing with incidents and handling operational issues.