Business Advice for all UK firms from starting a business to flotation

Managing GDPR Now It Has Started – Health & Safety of Your Data

By Richard Coope, Managing Director at Point Progress,home of I-Comply-GDPR

GDPR is currently the hot topic on everyone's mind, if not for the hundreds of emails coming in from companies that you had long forgotten about.

You will already know that the new data protection regulations from the EU came into force on 25th May 2018 and are absolutely necessary to modernise the old data protection laws which had not been designed with our evolving technological world in mind.

Now that we have passed the 25th May, there may be a temptation to relax a little. Many saw this date as a deadline, a point in time by which all the rushing around must be completed, but then put to one side to get on with more important things.

The reality is, however, that the 25th May is just the start date, with ongoing requirements and commitments to data processing and handling. This additional "burden" on business can be likened to the health and safety regulations; there is the initial risk assessment for a business, but they must be kept up to date as people, processes, and the business changes. The new data protection laws will require similar levels of constant review and revision, with systems of data monitoring in place to ensure compliance and audit recording. It is not something that will go away or can be ignored.

Ongoing Compliance

GDPR is not something you need to be afraid of, but certainly should not be ignored. Being open with consumers about how you hold and use their information will provide a level of trust in your products and company.

However, writing the policies and procedures is only the beginning. One of the key articles of the GDPR which addresses ongoing compliance is Article 30, which says: "Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility."

For any company who processes personal data, this means keeping accurate records to show that your carefully thought through policies are actually being carried out, not just gathering dust in a folder.

This alone, could be a very time-consuming task, which to monitor effectively would require regular attention.

As a software company, we quickly concluded that there must be an easy way to manage this important aspect of the legislation - a more streamlined way of managing this information, which would work alongside normal business practices and not drain company resources.

Hopefully, through many late nights, we worked tirelessly to design and produce a software solution which will take the pain away from those essential GDPR tasks, without the excessive costs.

i-Comply-GDPR- Get Compliant. Stay Compliant.

We designed i-Comply-GDPR to do two things.

Firstly, as a tool to help our customers prepare and comply with their GDPR responsibilities, we included a large number of policy templates and a Getting Started feature to help step companies through their thought process.

We also included features such as a Policy Builder to help build the company policies, filling in the right information where needed, and then allowing the policies to be published to the appropriate team members. This is important as, while all staff would need to read and understand their responsibilities, the fact that they have read and understood needs recording and building into the all-important audit trail.

The second aspect that we focussed on was the Staying Compliant aspect. As previously mentioned, this is an essential part of GDPR Article 30 regulations, forming any defence or justification that might be needed in the future (hopefully not).

Dealing with Subject Access Requests are potentially an area that could become extremely time consuming for a business, therefore we have included tools to be able to easily record and deal with these requests in the required 1 month of receipt, again adding to the audit trail.

At the core of our software is the Data Asset Register. From here you have complete visibility of the data that is held in your business, where it is, and be sure that all the
right questions have been answered to validate your lawful right to hold and use.

The register is not a static set of information, rather an active mechanism to drive the appropriate actions at the right time, ensuring that reviews, disposals, and re-licencing (where necessary) all happen in time, and again recording a complete audit trail of your activities.

The software should be there to help you with your business, rather than get in the way. To help with that we ensure that we provide unrivalled levels of service and support through our UK based support team, providing you with a point of contact in case you need to ask a question or need some help.

Finally

GDPR compliance is not just about avoiding the fines but is a way of reassuring all your data subjects that you as a company can be trusted with their data, and that you take the security of that data very seriously. Although, currently, there is no official "certificate of compliance", certification such as ISO9001, ISO27001 and CyberEssential certifications help build this trust, alongside an open, privacy by design approach to data protection.

Essentially, data protection is not an afterthought but comes first in every business activity. With i-Comply-GDPR you can have peace of mind that the data you hold is lawful and effectively monitored.

For more information call us 01270 611800

Or visit www.i-comply-gdpr.com

Or email us at hello@pointprogress.com

Share |

Post Date: June 20th, 2018