GDPR IT Requirements

GDPR | Don’t Get Caught Out

You won’t have been able to escape the fact that the GDPR comes into effect this month: from 25th May 2018 your business needs to be compliant with the GDPR or risk significant fines (see below for more information on fines).

You may be one of the handful of businesses that have already taken all the necessary steps to be fully compliant ahead of the deadline; if you aren’t ready, here’s what you need to know about your IT systems.

Six Steps To Ensure That Your Business Technology Is GDPR Compliant:

Data breaches: You will need to demonstrate that you have the correct procedures in place to prevent, detect, report and investigate a personal data breach, and your data security procedures must include regular testing of those security measures. The GDPR introduces a duty on all organisations to report certain types of personal data breach to the ICO (those likely to result in a risk to individuals’ rights and freedoms) and, where the risk is high, to the affected individuals. Notification to the ICO must be made without undue delay and within 72 hours of becoming aware of the breach; aiming for 24 hours is good practice, but 72 hours is the legal maximum.

Security Audit: You need a documented review of your IT security systems showing that industry-recognised anti-virus software and firewalls are implemented on ALL your computers, laptops, tablets and phones, and that your email, your stored data and each and every device are encrypted. Note that the GDPR itself (Article 32) requires security measures “appropriate to the risk” and names encryption and pseudonymisation as examples rather than mandating them outright, so the audit should also record why the measures you have chosen are appropriate to the data you hold.

Privacy Policy: This needs to be updated and date-marked to prove that you have done so this year. As best practice, your Privacy Policy should be reviewed regularly, and date-marking it demonstrates that this is company practice. Your Privacy Policy must be easily accessible to everyone, for example by publishing it on your website.

Stored Information: You need to demonstrate that you have documented what personal data you hold, where it came from, where it is stored, on what lawful basis you hold it (for example consent), and who you share it with. You also need proven procedures for deleting personal information, evidence that the information is stored securely (see Data Breaches above), and a record of who can access it.

Data Protection Officer: Your business should designate an individual to take responsibility for data protection compliance, and assess where this role will sit within your organisation’s structure and governance arrangements. A formal Data Protection Officer is mandatory under the GDPR only for public authorities and for organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data; every other business should still name someone accountable for compliance.

Company Knowledge: All of your employees need to be aware of the new GDPR rules, and you need to carry out regular staff security training sessions. All members of staff need to understand your practices for data collection, storage and security.

If you implement everything above, you will have addressed the main GDPR requirements that affect your IT systems. If you fail to implement the necessary security procedures, you could be on the receiving end of the new, harsher penalties. Pre-GDPR, the ICO could fine up to £500,000; under the GDPR fines can reach €20 million or four per cent of annual worldwide turnover, whichever is higher.

There will be no excuses – the Government believes it has given business plenty of warning over this.

If you need help to get your IT systems in line with the requirements of the GDPR, then please get in touch with us.
