GDPR in a nutshell
The Big Question: What’s the ultimate point of the GDPR legislation?
The Simple Answer: To allow people to have confidence that personal information they give will be used in the way they expect and will be secure. There are financial penalties for organisations who don’t comply.
If the prospect of tackling the new GDPR requirements either fills you with fear and dread or bores you to tears, you’re not alone. But let’s not beat around the bush – it’s an important development in individuals’ rights, and I actually think it’s a good thing for everyone. Why? Because it clears the decks of confusing and possibly misleading privacy statements and tackles the business of managing Personal Data head on.
As a business we at Intelogy need data about the people we work with, just like any other business, and we know it’s better for us in every way if that data is accurate & relevant – we want to work with people who want to hear from us, both from a sales & marketing perspective and an operational one. So, allowing people to opt out of our marketing communications or being brutal about deleting old data is a good thing.
That’s the carrot, but the general concern about preparing for GDPR has more to do with the stick which the Information Commissioner’s Office will use to beat offenders. The headline fines for breaches of the new rules are enormous and very damaging, so this is not the time to hide in a dark room and hope it will go away. You will know your own business, but we at Intelogy are happy to share a very high-level view of how we have distilled GDPR down to manageable chunks.
Here is the list of tasks. The ico.org.uk website is the ultimate source for any detail you need.
- Make sure you’re registered with the ICO (or affiliated to someone who is) at ico.org.uk
- Identify a Data Controller and establish his or her responsibility
- Do a data audit to identify all the data you hold and where it is stored
- Draft a GDPR-compliant privacy statement and post it at any & all points of collecting the data
- Establish a lawful basis for keeping each data item
- Conduct an Impact Assessment for each data item and each process in case of a breach
- Only keep the data you need – be tough, review it regularly
- Store it securely in as few places as possible and limit its accessibility
- Let people know how they can find out what data you hold
- Respond to subject requests & keep records
- Monitor your systems for access breaches so you know if you have had one
- If there has been a breach, advise the ICO within a 72-hour timeframe
Intelogy is a Microsoft Gold Certified Partner specialising in Information Management, Process Automation, Business Applications, Modern Workplace and Platform Solutions. We design, implement and support core Microsoft business platforms on premises and in the cloud and have over 20 years’ experience. We are one of the UK’s leading SharePoint consultancies and can help you accelerate your GDPR journey and support you with the right technology to become GDPR compliant.
If you would like further information or support, get in touch.