The date for the introduction of the new GDPR rules has now passed. There is no need to panic if you don’t feel you are on top of it. The 25th May 2018 was a defined starting point for the process; if you are starting to implement change, you are already on course.
All organisations collecting, holding or processing personal information that can lead to a person’s identity need to be working towards compliance. You also need to be aware of the new rights of the people (data subjects) with regard to this information and how you can meet these rights. Some organisations are much further on than others. Most of the new regulations are just good practice. Organisations that keep personal data on customers and clients generally treat the information with respect and try to protect it; it is the formalisation of this which needs tightening up and documenting.
The process doesn’t have to be time-consuming and complicated. Take a morning out to answer some simple questions, such as:
- Where, when and how do you collect information?
- What do you do with it? That is, who sees it, and do you share it with other organisations?
- How do you protect it? In the office, paperwork and electronically – do you need to review your IT systems?
The ICO’s website gives access to some great tools. As the responsible body for enforcing these rules, it is a great place to start. Achieving the Cyber Essentials Certification is another great thing to do, and here at Active IT Systems we can help you obtain this.
We are also a business. It has been important to be able to separate the nonsense from fact on GDPR as best we can. As with other companies, we have also been swamped by offers from ‘specialists’ to help us implement the new regulations. Having done our homework, we found that these ‘specialists’, when you read their terms, do not guarantee compliance. Nobody can; you won’t know until you are ICO audited.
Our advantage as IT and document solutions suppliers is that the GDPR security side of systems falls into our area of expertise. This means we have had little to do, as we are already Cyber Essentials Certified and have strict access controls in place. The other side of GDPR has been a journey of discovery, like all new regulations and rules.
At Active we have a large pool of great customers and suppliers who we have worked with. Combining our experience and skills, we have been able to form a ‘GDPR Super Cooperative’. This has led to the production of a small GDPR toolkit which makes answering the simple questions above and beginning the documentation process simple. If you would like to join this cooperative or just benchmark your existing GDPR work, please get in touch.