GDPR Compliance
Are You GDPR Compliant?
The General Data Protection Regulation (GDPR) is the new global standard for data privacy rights, security, and compliance. On 25th May 2018, the regulation came into force, and you need to ensure your business is GDPR compliant.
GDPR is designed to impose regulations on any organisation that processes or holds personal data. Six key principles are included as part of that requirement.
The 6 Key Principles of GDPR:
- Transparency, fairness, and lawfulness in the handling and use of personal data. You will need to be clear with individuals about how you are using personal data and will also need a “lawful basis” to process that data.
- Limiting the processing of personal data to specified, explicit, and legitimate purposes. You will not be able to re-use or disclose personal data for purposes that are not “compatible” with the purpose for which the data was originally collected.
- Minimising the collection and storage of personal data to that which is adequate and relevant for the intended purpose.
- Ensuring the accuracy of personal data and enabling it to be erased or rectified. You will need to take steps to ensure that the personal data you hold is accurate and can be corrected if errors occur.
- Limiting the storage of personal data. You will need to ensure that you retain personal data only for as long as necessary to achieve the purposes for which the data was collected.
- Ensuring the security, integrity, and confidentiality of personal data. Your organisation must take steps to keep personal data secure through technical and organisational security measures.
Currently, your data is probably spread across a wide array of IT environments – personal devices, on-premises servers, cloud services, even devices within the Internet of Things. This means that most of your IT environment could be subject to the requirements of the GDPR.
Becoming GDPR Compliant
Your progress towards compliance can be broken into four key steps:
- Discover – identify what personal data you have and where it resides
- Manage – govern how personal data is used and accessed
- Protect – establish security controls to prevent, detect, and respond to vulnerabilities and data breaches
- Report – execute on data requests, report data breaches, and keep required documentation
For each of the steps and the six key principles, we can help guide you through the process and provide you with the tools that can help you address the requirements of that step.
For more detailed information, speak to one of our GDPR and security specialists by contacting us today.