CHECK IF YOU ARE READY FOR GDPR?

You now have LESS THAN two weeks to implement the following if you haven't already:

  1. Get rid of any personal data that you cannot PROVE you have been given explicit consent to hold and use for the purpose you are currently using it for.
  2. Register with the ICO.
  3. Ensure that all directors and key staff can explain GDPR and what it means to your business.
  4. Ensure that all existing staff have received "Privacy awareness training" and have signed a document confirming receipt of this.
  5. Update all employee handbooks to reference the new laws and remove references to the old Data Protection Act.
  6. Contact all suppliers that you share any personal data with, to get a statement of compliance from them with regards to GDPR.
  7. Put in place processes to allow people to exercise their new rights, i.e. the right to access their information, the right to correct their information, and the right to have their information removed from your systems.
  8. Be able to demonstrate that you have a detailed process to handle the above requests, action them within 28 days, and then report back to the user on your actions.
  9. Have a privacy statement that users MUST acknowledge at any point you collect data. It should say what data you are collecting, why you are collecting it, what you are doing with that data, whom you share that data with, and how long you will hold that data. The user MUST acknowledge this at the point of collection to give consent.
  10. Improve your network security by implementing strong passwords and screen locking after a period of inactivity, and ensure files and folders have an appropriate level of security so that they can be accessed only by authorised personnel.
  11. Implement web filtering to ensure staff don't accidentally expose data to a threat.
  12. Implement intrusion protection on your network. This cannot be done by a standard router; they do not have the capability to inspect every data packet entering or leaving the business to identify these threats.
  13. Get rid of any old or archived data that you are no longer required to keep under a legal obligation. This includes physical data, so slim down those filing cabinets.
  14. Ensure that all sensitive personal data is locked away at night: filing cabinets are locked and computers are powered down.
  15. Ensure that mobile devices are encrypted and that you are using all the available methods to secure those devices.
  16. Ensure you have a clearly defined action plan to deal with data breaches. This includes who will notify the ICO within 72 hours, who will investigate the breach, and who will notify users whose data may have been affected within the 28-day guidelines.

If you can tick all the above boxes then sit back and give yourself a pat on the back. If you can't answer the above, then you could be exposing your business to fines of between 2-4% of group revenue for non-compliance.

If you have a breach as well, then you face possible lawsuits from affected users of between 3 and 12 thousand pounds, depending on the type of data that is lost.

It is not too late to meet the regulations. To find out how, please contact me.

Jim Hincks

Technical Sales Manager OES

Tel: 01745 816 473
