If you’ve read the first two articles in our GDPR series, you know what GDPR is and you know what GDPR means for IT professionals. If you haven’t yet read these articles, I recommend you start there.
But if you’re familiar with the EU’s new General Data Protection Regulation, you might also know that enforcement begins on May 25, 2018. Now is the time to get your organization ready.
My top 10 tips for preparing for GDPR are listed below. This list is not exhaustive and more tips may be added as more information is made available about GDPR and its effect on our working lives.
Do not presume that everybody knows all about GDPR and is preparing accordingly. In fact, presume the opposite. Send them to my first article about GDPR basics as a starting point. If you would like advice from a HelpSystems security consultant, please get in touch.
In this situation, less really is more. The less personal data you hold, the easier your task will be.
Do you need to appoint a Data Processing Officer (DPO)? Identify the processors—those roles that process personal data. Who needs to be trained to understand their new obligations and responsibilities when processing data under GDPR? Do all employees know what they should be monitoring or doing in order to prevent a breach? Make sure you can answer these questions.
For example, an employee responsible for validating personal data when someone registers on your website must have access to any policies that apply to performing their role effectively and within GDPR. The policies must be in plain English so that anybody can understand them.
At HelpSystems, all our employees embrace security by design—from ensuring buildings are secure to designing development processes in an ultra-secure manner. This is part of HelpSystems culture and GDPR should become part of your culture.
Every aspect of your work that touches data should naturally be considered. For example, am I allowed access to this data? Why do I need it? Do I need to notify anybody I am processing it?
Ensure you have well-defined policies to identify a data breach, remediate that breach, and notify all affected by the breach within the rigid timescale defined by GDPR, which is currently set at 72 hours. Ensure company insurance policies have been updated to reflect the new penalties.
Be prepared to be challenged, and know what to do when you are challenged under one of the data subjects’ rights, such as the right to access. This is where the data subject can request access to data and any supplemental data you hold or process relating to them. Be aware of all the rights pertaining to data processing.
The article (and image) was originally posted here: https://www.helpsystems.com/resources/articles/what-top-10-ways-prepare-gdpr