It’s been four months since the new General Data Protection Regulation (GDPR) came into force on the 25th May, and the question we are repeatedly asked is, “So what now?” It’s a good question.
Has GDPR dropped off your meeting agenda? Who’s looking after your compliance now? Whilst there was a lot of noise surrounding the new regulation, we believe the noise and concern was generated by two words that fundamentally change how we think about Data Protection.
Transparency: The Data Protection Act 1998 expected you to apply its eight principles, but the GDPR requires that you are acting in a transparent manner – meaning you have to be clear about what you’re doing with personal data: How are you holding it? Why do you need it? How long for? Who are you sharing it with? Where is it held?
Accountability: Accountability means you must be able to demonstrate your compliance. So if you say you are acting in a transparent manner, can you evidence this? There are a number of measures that you can, and in some cases must, take. These range from adopting and implementing data protection policies through to recording and, where necessary, reporting personal data breaches.
It is this core principle of Accountability that is of greatest concern for most organisations as they struggle to provide evidence that they’re acting in line with the regulation.
So what now?
Depending on what kind of data they process, many organisations have decided to appoint a Data Protection Officer (DPO), or someone to lead their Data Protection practices. In certain situations the GDPR makes this appointment mandatory, but it is still seen as good practice to appoint someone to oversee how information is managed and protected.
Post-25th May, what needs to happen is for you to ask: How would we demonstrate we are complying with the GDPR? Can we provide tangible evidence that we are in control of the data that is in our care?
A Data Protection Officer provides you with confidence that there is someone who is always asking these core questions, and keeping you compliant.
If you’re concerned about your level of GDPR compliance then we can help. Agenci provide ‘Virtual’ DPO services, meaning we take the administrative burden away from you, giving you the confidence of knowing that someone is focused on Data Protection, as we provide the policies, procedures and knowledge you need.
So what now? Simply get in touch.
If you would like to speak to someone about booking a “GDPR Compliance Health Check” or discussing the ‘Virtual DPO’ service please contact Gary Hibberd, Managing Director of Agenci.
Agenci are a part of the Cyberfort Group and provide Cyber Security consultancy services and assistance on GDPR compliance.