GDPR compliance: On your marks, get set, go!

Ben Rapp from Managed Networks, in association with Securys, continues his series of articles on how to comply with new data protection laws starting on May 25

What – you thought May 25 was a finishing line? It’s all very well being ready for GDPR by the implementation date, and I’m sure you are, if you’ve been reading these articles and following our advice, but it’s vital to think of next month’s deadline as the start of an ongoing process. You can’t just pop the champagne corks, pat each other’s backs and then go back to your day jobs.

Data protection is an evolving landscape – just look at the current scandal surrounding Facebook and Cambridge Analytica – and you need to stay abreast of all the changes. The GDPR is a new law, and we won’t really know what it means until it’s been tested in court. Who’s going to be keeping an eye on those test cases and making sure you update your policies and behaviours to suit?

The cyber-threats keep evolving too. Maybe you’ve put the effort in to get your network and systems into shape; perhaps you’re confident you meet your obligations under Article 32 to have effective information security that assures the confidentiality, integrity, availability and resilience of the data you store and process. But will that still be true in six months’ time? Who’s going to keep your systems up-to-date and check for new vulnerabilities?

And what about your organisation’s own evolution? Every bold marketing initiative, every new process, every collaboration and outreach programme will carry fresh data challenges. Have you baked data protection into your thinking at every stage, or is it still something you try to put in place after the fact? Who’s going to be responsible for holding every part of your organisation to account?

Managed Networks founder Ben Rapp

Consumers are far more alert to data issues than they were a year ago, thanks to all these high-profile breaches. We’re bound to see a wave of data subject access, correction and erasure requests in the first few months after the introduction of the GDPR. Who’s going to deal with all of that, and make sure your responses are comprehensive and compliant, not embarrassing?

The UK implementation of GDPR also brings some new criminal and civil liabilities. I’m sure you’ve told your board or trustees all about this, and they’re completely aware of their exposure. But how are you (and they) going to demonstrate that there’s effective governance of data protection within your organisation? Ignorance is no defence under the law, so you need some way to keep them up to date on all your data processing, and all the work you’re doing to protect it. Who’s writing those reports, and making sure the board understands them?

You have to be clear and open with all your data subjects – both consumers and employees – about what you’re doing with their data, and you have to show them and the regulator that you’re taking the right steps to protect that information. How are you going to provide this evidence? Did you get a certification such as CyberEssentials or ISO 27001? If so – who’s maintaining it? Have you published a comprehensive privacy policy? Who’s maintaining it, and your records of data processing, and privacy impact assessments, and breach mitigation assessments?

If you think that all sounds like a lot of work, you’re right. That’s why we’re here to help you by taking some of the load off your shoulders. Whether you want a network that’s guaranteed to be secure, help managing your IT systems or someone else to maintain your policies and data processing records, come and talk to us and see how we can make it easier.

Email gdpr@managednetworks.co.uk or call 020 7496 8000. If you want to get your hands on our White Paper, GDPR Summarised, complete the form below.