GDPR is a bit of a hot topic at the moment, and for good reason. With only 4 months left to go, the countdown to compliance has well and truly begun. But for many businesses there are still a lot of unanswered questions, particularly about the safety of their own data. That’s why today we want to talk about 4 key things you can do to protect your business data, review the security of your customer data and safeguard your reputation, ready for GDPR to hit in May.
In GDPR, documentation is the key to everything. It is where information is stored, and it is also what is required to prove compliance with the regulation. So the very best thing you can do to protect your company data, and the personal data it holds, is to implement a content management solution. This will help your business deal with personal information (including internal business data), make handling ‘the right to be forgotten’ a breeze and smooth out compliance requirements without increasing the headcount of your business. It can do all of this thanks to a number of different features, including:
- Document life cycle management
- Logging all document movement and access across the business
- Ensuring all cloud services are GDPR compliant
- Providing secure access to documents wherever staff are, and creating secure areas for suppliers and customers to access their own documentation
- OCR, metadata capture and input, meaning fast retrieval of documents not only for day-to-day work but also for data deletion and auditing purposes
- Creation of a single, central document repository, which links multiple online business systems in one easy-to-manage location
- A host of team collaboration tools to prevent the duplication and loss of data
- Digital and electronic signature software to document consent in just a few clicks
Appointing Data Protection Officers
GDPR is also the first regulation to make it mandatory for certain organisations to appoint a Data Protection Officer. While many businesses and organisations will appoint one out of choice, there has never been a rule that states there has to be one in place for those under a certain number of employees. But soon, public authorities and businesses processing personal information will be required to appoint a Data Protection Officer, or risk a breach of regulation and the fines that go with it. According to a study by the International Association of Privacy Professionals, this means that 28,000 Data Protection Officers will need to be appointed in Europe alone before May 2018. This is mainly because GDPR does away with the previous criteria that dictated a public organisation needs to have a certain number of employees, and instead focusses on what organisations do with personal information, regardless of their size. This means that in order to comply, and to protect your company data, you need to appoint a Data Protection Officer.
Increase Cyber Security Measures
At the height of the age of information, cyber risks have never been higher, particularly for businesses. Cyber attack is one of the single biggest threats to businesses, with hackers targeting business operations of all shapes and sizes in order to steal their data in a breach. If that wasn’t enough to be worried about, GDPR then adds a new rule around breach reporting, meaning that businesses are trying to avoid breaches more than ever before. GDPR now requires organisations of any size to notify the local data protection authority of a data breach of any size within 72 hours of discovering it, which means businesses need the technology in place to be able to detect and respond to a data breach. This might take some employee re-training, or it may require a complete IT overhaul, depending on the state of your security systems.
Demonstrating accountability is something that isn’t usually required in UK business law, but under GDPR it will be brought into force. The Accountability Principle within GDPR requires businesses to demonstrate that they comply with the data protection principles, and states explicitly that it is their responsibility to do so. That sounds complicated in theory, but in practice it means that businesses will need to do the following:
- Put in place appropriate measures to ensure and demonstrate that they comply (this may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies)
- Maintain relevant documentation on processing activities
- Where required, appoint a data protection officer (DPO)
- Implement measures that meet the principles of data protection by design and data protection by default (such as data minimisation, pseudonymisation, transparency, allowing individuals to monitor processing, and creating and improving security features on an ongoing basis)
- Use data protection impact assessments where appropriate
At Tipac, we are helping hundreds of businesses get GDPR ready with bespoke content management solutions. Because we don’t sell ‘off the shelf’ solutions, we are able to mix and match a variety of software capabilities to create a solution that addresses the unique issues your business has, without any unnecessary bulky extras. Our team will work closely with you to ensure you have a simple, sleek content management solution in place that not only helps boost productivity but also helps you stay compliant with GDPR regulations. For more information about how we can help you become GDPR compliant, just get in touch with the team today.