By Brian Cowan
During the last 12 months EU GDPR readiness has been a hot topic in blogs, seminars and board rooms around the world. Yes, I did say around the world.
Global impact of GDPR readiness
Organisations across the globe that wish to continue trading with the EU have been assessing their requirements and taking steps towards GDPR readiness. Examples are included in the following articles:
In the UK there has been a determined effort by the ICO to inform and advise British organisations about the importance of preparing for May 2018 when this legislation goes live. The regulatory controls of GDPR have already been adopted into the post-Brexit drafts for UK legislation – GDPR is here to stay.
The “Fear Factor”
A great amount of the early publicity around GDPR readiness focussed on the fines that could be levied for data breaches. Whilst these numbers were high, they are not the primary reason that businesses are implementing GDPR. As can be seen by the global move towards preparation, organisations wishing to operate in the EU (and UK post-Brexit) need to be able to demonstrate their competence in personal data management processes. This is not just for commercial organisations wishing to protect their place in supply chains; it affects any organisation that holds personal data, including hospitals, schools and nurseries.
Whilst the headlines threatening huge fines got attention, I believe they also caused an effect similar to a rabbit being caught in headlights among smaller organisations. Those SME organisations that do not have wide expertise in-house were hit by headlines telling them that they needed to analyse data, draw up legal policies, take out GDPR Insurance and upgrade their cyber defences. They could not embark on the preparation process because they did not know how or where to start.
GDPR Readiness or Compliance
Can you be GDPR Compliant? This implies having met defined criteria and achieved stated targets. Ideally this would result in a recognised certification such as the ISO 27001 or similar standard. I would suggest that GDPR “Readiness” is a better way to think about the next few months and addressing each aspect of GDPR as a sub-project to the whole.
For example, it does not make sense to try and encompass information requests, data types and user awareness in the same project, although GDPR connects them. Being a GDPR ready business requires input and action from most areas of an organisation.
To simplify the approach, it is possible to break this into three discrete areas:
- Legal preparation. Taking each legal requirement of the regulation and looking at the policies that have to be created or amended.
- Data preparation. Assessing the information that is currently stored and defining how this will need to change for the future. This includes new creation, search, delete and reporting requirements.
- Protection. This is fundamentally about data protection but encompasses technology and staff. After all, you could spend £1,000s on firewalls, anti-malware and other security products, then a user opens the wrong file in an email and your data is exposed. Staff training is a vital part of this.
Our GDPR Readiness seminar
Over the last 12 months Keytech staff have presented at and attended several GDPR talks, and whilst they were useful in describing the requirements, they did not help in addressing them. Working with our partners, Stephensons Solicitors and Attain Digital, we are addressing this on Friday 10th November, in a breakfast seminar at the DW Stadium in Wigan.
The agenda covers each of the three areas outlined above, with GDPR readiness guidance for each. Experts will also be on hand to discuss individual requirements and concerns.
The event is free to attend and, as it's an early start, breakfast rolls and drinks are provided at the start. The event will conclude at 10:30 am. For further information and to register please click on the image below.
Alternatively, if you would prefer to have a private discussion about your GDPR readiness requirements, please call Brian Cowan at Keytech on 01942-311150, or email to firstname.lastname@example.org.