Are you still sweeping GDPR under the carpet?

14 Jun, 2018

If so, don’t be embarrassed, you’re not on your own. In March it was revealed that a large proportion of businesses were either only in the early stages of preparation or hadn’t even started.

Whilst the ticking time bomb counted down to 25th May 2018, this was not a final cut-off. GDPR is an ongoing matter that your business will need to continually comply with, so it's not too late to start your preparations.

Firstly, we’ll look at what it is, secondly at the ICO Checklist and finally how we can help you comply.

Not sure what GDPR is?

The General Data Protection Regulation (GDPR) is a beefed-up version of Data Protection. It was adopted some time ago but only came into force on 25th May. If you fail to comply, you run the risk of big fines from the Information Commissioner's Office (ICO). The potential fines for failing to comply with GDPR could reach up to €20 million or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors. You can find out more about GDPR on the ICO website.

To put these fines into perspective, the University of Greenwich recently became the first university to be fined by the ICO following a 'serious' security breach involving personal data. As this fine was issued under the Data Protection Act 1998, they were only fined £120,000. Had this been under the GDPR, the fine could have been considerably higher!

So, if you haven’t even thought about GDPR then what are your next steps?

12 Step Checklist

The ICO issued a detailed 12-step guide to preparing for GDPR, but here's a quick run through:

  1. Make sure key people within your business are aware that the law has changed.
  2. Conduct an internal audit to find out what personal data you hold, where it came from and who you share it with.
  3. Review your current privacy notices.
  4. Check your procedures to ensure they cover all the rights individuals have.
  5. Update your procedures and plan for subject access requests.
  6. Identify the lawful basis for your processing of the data.
  7. Review how you seek, record and manage consent.
  8. If you hold data on children, consider your procedures for verifying ages and obtaining parental or guardian consent.
  9. Review your procedures for detecting, reporting and investigating a personal data breach.
  10. Adopt a privacy by design approach and carry out a Privacy Impact Assessment.
  11. Assign a Data Protection Officer.
  12. If you operate in more than one EU member state, document your lead data protection supervisory authority.

Reviewing these steps, it’s understandable why GDPR has been so daunting.

How we can help

If you need extra support, we can help in two ways:

1. GDPR Training

We are running a GDPR Bootcamp course, helping you to prepare for GDPR and giving you a better understanding of the evidence you will need.

This course offers you the opportunity to work through your own organisation's unique GDPR needs. With our trainer's support, you'll leave with documents prepared and a specific action plan for you to implement.

To book on to our next course, please visit our website.

2. GDPR Consultancy

We appreciate that every business is different and each will manage their data in different ways. We can therefore arrange for one of our GDPR consultants to provide one-to-one guidance tailored for your needs.

To explore this option, call us on 01905 670303 or email info@isoqsltd.com.

How ISO 27001 can help

The Cyber Security Breaches Survey 2018 found that some businesses have used GDPR as leverage with management to improve their cyber security. If this is something you're considering, it may be worth implementing the ISO 27001 Information Security Management Standard.

Those businesses who have ISO 27001 are already halfway to achieving GDPR compliance. This standard helps you effectively manage risks to the security of your confidential information, both electronically and physically. More information on achieving ISO 27001 Certification can be found here.

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on recurring issues? Contact us today on 0330 058 5551 or email info@isoqsltd.com.

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.
