Contact us at firstname.lastname@example.org for more details.
Is your business GDPR ready?
GDPR, or the General Data Protection Regulation, is the new EU regulation which makes the current Data Protection law much stronger. The GDPR came into force on the 25th May 2018 and, if breached, could result in a fine of up to 4% of annual global turnover.
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Confidentiality, integrity and availability
How do you become GDPR ready?
The definition of personal data has been extended and includes anything that could be used to identify an individual. This includes, for example, genetic data and even IP addresses.
The GDPR will be more robust in its protection of data than anything we have previously seen and businesses will be more accountable.
To become GDPR ready, there are three areas of your business you need to address:
- IT Systems and security – making them secure against malicious attacks and unauthorised access
- Policies & Procedures – ensuring they are up to date and relevant
- Implement new GDPR processes.
Certification to Cyber Essentials is a great first step. Cyber Essentials is a Government-backed, industry-supported scheme to help organisations protect themselves against common online threats. It can already mitigate ICO fines if a company suffers a breach. Cyber Essentials certification is evidence that you have carried out basic steps towards protecting your business and your data from internet-based cyberattacks.
There are a number of Cyber Essentials Accreditation bodies; however, BC technologies chose IASME, as they are unique in offering the only assessment that can help you become GDPR ready.
You will need to take advice from your trusted advisors in the areas of Legal, HR, Marketing, Insurance and IT.
GDPR readiness will require more than just the Cyber Essentials basic technical controls. By certifying to the IASME governance standard, including the specific GDPR questions, you show that your organisation has a wider governance system for managing the controls that protect personal data. The IASME governance standard adds a number of topics to Cyber Essentials which will be required for GDPR compliance, such as assessing business risks, training staff, dealing with incidents and handling operational issues.
How can we help?
We have a package that will guide you through the complexities of the GDPR. Unlike many of the two-day courses offered by organisations, we won’t just tell you what you need to do; we will actually guide you through how to become GDPR ready. We can then assess your readiness and provide you with an industry-recognised certificate.