If you’re still not clear what GDPR means for your organisation and the steps you need to take before it comes into force on May 25th next year, the following summary of the GDPR compliance event we recently hosted may help guide you towards taking those first steps.
Last week, in association with GDPR consultancy, UK GDPR, our panel of expert speakers provided customers and partners with their insight on GDPR, including an understanding of the hard facts and a structure to guide organisations’ compliance programmes over the limited time that’s left.
Our Head of Security Services, Paul Toms, was joined on an expert panel by:
- Nick Baskett, Executive and Non-Executive Director at UKGDPR
- Philip James, Partner at Sheridans Solicitors, on the legal implications of GDPR
- James Humphris and Michael Finnie at MSGWKS, on data discovery and mapping
- Frank Somers, Head of Architecture, Data & BI at One Housing on first steps to GDPR compliance for the public sector
Nick Baskett opened the discussion with an introduction to the three key objectives for beginning the journey to GDPR compliance: introducing considerations, providing effective guidance and focusing on what can be accomplished. There are six key touchpoints for GDPR that every organisation needs to consider:
- Articles and Regulations – taking a unified approach to privacy, where GDPR is a big part of that implementation
- The Data Protection Bill (DPB) – the UK’s implementation of GDPR, essentially conveying how it will help
- E-privacy regulation (PECR) – a revised approach to this regulation includes the removal of some previous policy elements and the addition of policies surrounding electronic communications, with associated fines
- Equalities Act – associated revisions to the Disability Law where organisations will now be required to provide information in a format that mentally and physically challenged individuals can access
- Guidance documents – required to support each step of the GDPR compliance process
- Templates – a guide to template contracts for legal teams to modify
GDPR compliance is unavoidable if you store or use personal data, so it’s vital you have implemented the required policies and procedures. If you’re already complying with the UK’s Data Protection Act, you’re well on your way to GDPR compliance.
However, GDPR has also strengthened some requirements and introduced entirely new areas to address. One of the critical areas of increased responsibility is with respect to data breaches. You need to have the right systems in place to detect, report and investigate a personal data breach, or you will be open to incurring a significant fine.
How IDE Group can help
GDPR introduces a duty on all organisations to report certain types of data breach to the Information Commissioner’s Office, and in some cases, to individuals. PACT, our cyber-security business unit, can monitor your entire infrastructure for threats, attacks and breaches, from the data centre core to the end user and within the cloud.
Our Security Operations Centre (SOC) combines dedicated security expertise with a fully managed Security Information and Event Management (SIEM) solution, which extracts all relevant data from the logs generated by your IT infrastructure. Through this, even the most sophisticated attacks can be identified and intelligence reported to security managers so they can take rapid mitigating action.
To find out how IDE Group can help you reach GDPR data breach compliance, please call 0344 874 2020 to arrange an initial meeting.