
Earlier this year, the General Data Protection Regulation (GDPR) came into effect across the EU, enshrined in the UK as the Data Protection Act 2018. For the last two years at Atticus Technology, we have been helping businesses prepare for the new legislation and understand the benefits for the business and for clients.
It might be that you’re not quite there at the moment; or that you need to review where you are up to. It’s equally possible that you haven’t done much at all with GDPR as other business priorities drag you elsewhere. Many organisations are trying to work out what to do to stay compliant. The full text of the GDPR contains 99 articles running to over 200 pages, and it can be a challenge cutting through it all to identify the practical steps to take.
The rush to be GDPR compliant by 25th May is over and we’re now into prioritising and sorting out a plan rather than panicking or ignoring things completely. The latest guidance from the Information Commissioner is “Don’t panic … the important thing is to take concrete steps to implement your new responsibilities — to better protect customer data.”
The GDPR journey as a whole can be troubling for many organisations. Whilst the legislation describes at length how it expects organisations to handle personal data and the rights that data subjects have in relation to that data, it’s noticeably agnostic and ambiguous around how all of this is to be implemented and managed.
Depending on your available resources, competence and expertise we can offer help in many different areas. There isn’t a silver bullet or panacea for the GDPR and the recent bombardment by ‘experts’ foretelling fines, reputational damage and other nasties has led to GDPR lassitude across the board. Businesses are moving further from compliance due to a lack of knowledge around how to tackle the GDPR pragmatically and practically.
We help you to interpret the regulation for your business
Build a sensible and achievable plan to get there
That will work with and support your business operations
Our initial Gap Analysis and Report presents you with a clear picture of the areas in your business that need attention; you can then make an informed decision as to whether you will do it yourself, get a little help or get a lot of help!
In essence, complying with the General Data Protection Regulation is about systems and practices which are built to know where your data is, how it is used, who has access to it and to protect the rights of the individual.
This would include (for example) appropriate IT Security, a suitable set of policies and procedures including those for managing the key aspects of the GDPR and a comprehensive record of the data held by the Data Controller.
Putting these measures in place will start to demonstrate compliance. The GDPR has adopted a risk-based approach to legislation called Privacy by Design – an organisation does not need to have a data breach or other incident – you can simply be prosecuted and fined for not ensuring that the most appropriate technical and organisational measures are in place to protect personal information.
So, where should you start? Our experience is that a business should carry out a thorough gap analysis to understand how far away it is from best practice in line with the GDPR. An objective, independent review of your business will identify, prioritise and then offer guidance on how best to deal with the key gaps and risks that you will need to address.
Our gap analysis audit and report looks individually at each of the 99 articles of the GDPR and provides comment on all that are relevant; it also works through the constituent policies and procedures of a data governance framework to compare with the ones you currently have in place. Finally, a basic outline of an Information Asset Register is included covering your main systems.
It is important to get this first phase right as the follow up and remedial work could be significant in terms of time and investment. If your focus is wrong then this will be wasted and you might not end up much nearer to compliance.
If you would like to understand how we can help with any aspect of data protection then please have a look at our GDPR services for more information or fill in the form below and send us a few details. We’ll get back to you shortly.
For any questions or enquiries please feel free to get in touch at any time. Providing a good service is about being available and flexible.