Steps to GDPR compliance
March, 2018
As we're sure you're aware, GDPR will come into force on the 25th May 2018. But you may not be aware of what this actually means for your business. You keep hearing of how large penalties can be enforced on your business as a result of a data breach and non-compliance, but what exactly are you supposed to do to become GDPR compliant?
As a result of a GDPR seminar we are now able to help you with this. We have a series of steps that you can take in order to become more GDPR compliant and help you avoid a regulatory penalty.
Steps to GDPR compliance
- Create a data inventory. This identifies the processors of the data and any data that is held outside of the new GDPR regulation, i.e. data you do not have a legitimate reason to hold.
- Conduct a gap analysis. This assesses compliance and identifies areas in which you are weak in relation to GDPR. Also test it against your business processes to ensure they are robust in accordance with the regulation.
- Conduct a data flow audit. This will allow you to begin to identify points of entry for potential hackers and also recognise the systems that the data is travelling through.
- Establish a governance framework. This should cover board awareness, a risk register, and the review process should a breach occur.
- Review policies. You should review company policies and make amendments to ensure compliance with new GDPR rules. You should also ensure effective communication of policies to make sure all parties are aware.
- Review 3rd party processor contracts. If a 3rd party processor loses your data or is not compliant, it comes back to your business, so it is important that you are able to have some control.
- Appoint a data protection officer. This is not mandatory in small businesses; however, it is useful, as it will help you understand best practices to secure your data.
- Create a GDPR/cyber training program for staff. This will ensure that they understand how the new GDPR affects their roles in the business, as well as help to minimise the risk of a breach.
- Create a breach response process and test it. Data breaches are a case of when, not if. It's important that you understand the steps to minimise your breach and stop the situation escalating.
- Monitor, audit and improve each step.
GDPR is a gradual process and must be taken one bite at a time. It will not be done overnight and can take a while to get right. It will be a learning curve for all businesses, but don't let it be a costly one by not preparing for GDPR.
Other precautions
Another precaution that you can take would be to purchase cyber cover. Not only will cyber cover pay the price if you are not GDPR compliant, but it will also cover costs associated with a breach, such as notification costs and business interruption costs. Cyber cover also has the ability to put you in contact with some of the best cyber professionals in the UK. This will help you limit the damage that a breach can do. Cyber cover is a great way to protect your business during the transition into GDPR and beyond.