How would your business evidence steps taken to minimise the risk of a GDPR breach? If you don’t know how to complete a GDPR Healthcheck on your business, read on as evidencing is a key step to information security best practice. GDPR wasn’t a moment in time. Here we take a look at how to manage its lifetime commitment.
Many businesses across the UK spent the first half of 2018 scrambling to meet the May deadline for GDPR compliance. Online blogs and social media were awash with top five tips about how to meet the looming deadline and manage associated risk. But how many of those companies, for whom GDPR compliance opened a previously alien new governance regime, have continued their commitment to making sure adherence to the regulation continues beyond the moment in time that was 25th May? Judging by the experience of Oxford based researcher, James Parvur, not nearly enough.
“It’s still a hot topic at the ICO and recent research is highlighting it”
Parvur found that 25% of the organisations he approached making a Subject Access Request (SAR) on behalf of his fiancée provided data to him about her. This included credit card information, travel details, account logins and passwords, even high school grades and mother’s maiden name.
The research showed that large enterprises tended to do well but the main weakness was in the mid-sized and smaller businesses, possibly reflecting the level of resource available within organisations for data management.
“The main weakness was in the mid-sized and smaller businesses”
The research shines a light on the need for organisations to understand that they need to manage GDPR adherence on an ongoing basis and ensure full understanding of their obligations, especially when it comes to managing SARs. Public awareness of personal data is driving an increase in requests from both customers and employees, some of whom just want to know what data is held about them and others who may be planning for a grievance or employment tribunal.
Businesses need to incorporate an effective process to manage requests and provide the response within a month and in a format that is easily understood.
Depending on data held, this could run to hundreds or even thousands of documents that need to be reviewed for data extraction. This makes it even more crucial that organisations review personal data on an ongoing basis and create processes to manage it in such a way that requests are met on time. That means examining data to make sure it’s essential, storing it in an easily retrievable way so that it can be accessed quickly if required and rigorously deleting anything that isn’t needed.
GDPR is very much a lifetime commitment for businesses and one that will continue to evolve as more legislation is created to protect personal data. It may be challenging for small to mid sized companies to make the investment required to undertake regular GPDR health checks but the cost of fines for non compliance can be huge. Those without the necessary in house expertise can mitigate the risk with regular GDPR health checks undertaken by external experts.
Quick steps you can take:
- Request a GDPR Healthcheck. Focused using a self assessment Net-Defence can give you a quick understanding of your high level risk.
- Request a GDPR Gap Analysis. This can identify risk areas quickly and address ways to remedy them.
For example, no single software application can make an organisation compliant – the risk of GDPR breach through lack of due process and human error remains high. The Gap Analysis will enable you to see where the risk and non-compliance lies in your business.
Project Delivery support is available after a GDPR Gap Analysis. Depending on the findings, our specialists will carry out a series of exercises and training workshops across your teams – from finance and HR to operations and sales ranging from:
• Detailed policy drafting and implementation
• Data mapping
• Risk management mapping
• Procedural support
• Risk management training and support
• Controls implementation support
• GDPR training
• Data support and technical queries
Contact us today to quickly get GDPR health checking underway in your organisation.