12 Sep
Is now the time to take GDPR and Cyber Security seriously?
With the news over the weekend that a major provider who claims to keep your data safe was breached, is now the time to take GDPR seriously and to ensure your monitoring for breaches stands up against common threats?
From May 2018 organisations must be able to respond to any data breaches, confirming exactly what has been targeted. The ICO states: “Make sure you have the right procedures in place to detect, report and investigate a personal data breach”. As we know, the fines are not insignificant, so making sure this is right has to be a top priority.
GDPR builds upon the existing Data Protection Act. The key aspect is being able to demonstrate that you, as an organisation, are compliant for both customer and staff data. If your organisation can prove it is currently fully compliant with the existing Data Protection Act, knows where, who, why and in what country your data is held, can provide a cast-iron guarantee that you can prove the legal basis for processing that data, and has the best people, processes and technology in place, now and post May 2018, then compliance with GDPR should be straightforward for you to demonstrate to the ICO.
A common legacy issue for companies has been bad data, and the opportunity has now arrived for organisations to get this right. The benefit of GDPR is the potential for a single customer view and an understanding of what data you hold and where it's held, while you must correct any data held both internally and externally.
At APS we have a framework to follow to evidence that the data and information you hold is compliant, while offering services post GDPR around the Data Protection Officer. We are currently delivering this for our clients, and our experience, along with our framework, is an accelerator needed by some companies that haven’t started to look at GDPR.