Hello PPMA members and friends
As you will probably know, the General Data Protection Regulation (GDPR) comes into force on the 25th May 2018 and, like many organisations, you may still be unsure as to what actions need to be taken to be prepared for its arrival. To help you get to grips with the finer points, our blog post this week is an easy-to-follow guide, along with some helpful tips from a variety of resources, all designed to help you make sure that your organisation is GDPR compliant.
It’s true there are still a few grey areas, but that is no reason to bury your head, especially as failing to comply could land your authority with heavy fines. At the same time there is no need to panic, as there is lots of help available. For example, the Association of Association Executives held a seminar with Softwerx the other week on practical ways organisations can move towards compliance, and below we summarise the key points from that session.
If you follow these measures you could prevent 80% of your GDPR headaches:
⦁ GDPR is a senior-level issue and needs to be recognised as such: budgets should be in place for data protection and cyber security measures, with adequate resources being made available.
⦁ If you don’t have one already, determine if you need a Data Protection Officer and document the reasons for your decision either way. But don’t forget that data protection is the responsibility of all employees.
⦁ Know where all existing personal data is stored, your reasons for having it and whether those reasons are still valid. Do you have permission from the data subject to hold it?
⦁ Does your current system have its inbuilt security features enabled? Wherever possible, encrypt.
⦁ Look at who has access to your data and whether it’s necessary for them to have it. Clean up Active Directory of old accounts and tighten things up.
⦁ Adhere to the SANS top 20 critical security controls.
⦁ Ensure all employees are trained in the basics of data security awareness.
Ultimately it’s all about transparency: what you’re planning to do with the data you receive, how you’re going to store it and how long you’re going to be holding on to it. Alongside that, ensure your security is up to speed to safeguard against any breaches, and make sure your procedures with regard to your data are clearly documented for all to follow.
You can watch the whole seminar here: https://youtu.be/j7sPkeyPLEU
And if you need any more help or advice, here are some links to a range of useful resources available:
ICO – Information Commissioner’s Office
National Cyber Security Centre (Cyber Essentials Plus)
BS10012 Personal Information Management System
The General Data Protection Regulation (Full Document)
We hope you find this information useful and we’d love to hear from you if you have any advice you can share about how you are implementing GDPR in your organisation.