Data Security – Our Top 5 Tips on Remaining GDPR Compliant One Year On
Taking into account three key factors (People, Training and Technology), is your business GDPR compliant one year on?
Netpremacy’s Andrew Eden explains the steps to follow and how data management has transformed since May 2018.
The General Data Protection Regulation (GDPR) came into force on Friday 25th May 2018, aiming to empower people to control the way their data is stored and managed. You might remember the collective anxiety that surrounded the approaching deadline day as businesses tried to comprehend what this meant for their teams and systems, rushing to train their employees and double down on achieving ‘opt-in’ from their customer databases.
Over the last 12 months at Netpremacy, one of the UK’s leading Google Cloud Premier Partners, we found that the journey towards total GDPR compliance is far from straightforward and is often a complex combination of factors. Reflecting on our decades of experience of supporting our customers with data security and digital transformation, we have determined that the key to achieving compliance is focusing on three factors: people, training and technology. With these aspects in mind, how can your business move forward with GDPR compliance?
In the immediate days and weeks after 25th May 2018, people began to pay attention to how their data was being used, with a sharp increase in customer claims of misused or mishandled data. Newfound public awareness resulted in the Information Commissioner’s Office (ICO) seeing complaints of data breaches increase by 160% in the first six weeks.
When looking globally at data privacy, GDPR has inspired huge shifts in attitude, from governments proposing legislation to individuals reconsidering what privacy means to them in a rapidly changing digital world.
Many organisations have invested in training to empower employees to understand how to remain compliant and how to identify and resolve data breaches. This knowledge is vital to share throughout businesses and should be adapted to meet the unique needs of each organisation and each role within it. For example, the data security responsibilities of an IT Manager are different from those of a Marketing Manager; nevertheless, they are equally responsible for the safe storage of customer and/or employee data.
Over the past year, GDPR has heralded a fundamental change in how data processors and controllers handle personal information. Technology has aided GDPR by allowing businesses to delete, edit and duplicate data easily; however, many systems have not been designed with these requirements in mind. Now, instead of being an afterthought, data protection needs to be considered from the beginning and become the very fabric of an organisation’s systems, ensuring that the technology is less likely to fail and data breaches are therefore reduced.
What should you be doing?
There is no silver bullet for GDPR compliance; it is an ongoing activity, requiring ongoing reviews to ensure consistency. If you’re still feeling unsure about GDPR compliance within your business, we have devised the following guidelines:
- Evaluate your GDPR plan. You might find that the GDPR procedures you put together before last year’s deadline were not as informed as they could be now. It’s worthwhile to look at the changes you made, what you’ve achieved and what still needs work. Compliance is a continuous and ever-changing process, so it’s always a good idea to look at continually adapting for future innovations.
- Invest in basic staff training. All businesses need to be proactive in training their staff for GDPR. When new staff members come on board, they should receive data management training, and all members of the team should understand how your business specifically uses data.
- Know your data. Ensure your business understands what data you process, how it is used and who you share it with. To do this, conduct an audit and ensure there is someone responsible for reviewing and improving data handling constantly, rather than only looking at procedures every year.
- Organise your systems. Your IT systems should be up-to-date and as secure as possible, with clear policies in place to prevent security breaches. All employees should be aware of these policies should a breach occur.
- Don’t get data confused! Get in the know about what constitutes data. Often people think it isn’t data if it doesn’t include a name or address, but actually data is anything that can help identify an individual, making it very wide ranging.
Discover how Netpremacy can support your data strategy: contact us to discuss a plan tailored to your unique business needs.