April 26, 2018

GDPR – The general data protection regulation

Don’t Panic!

It is now less than a month until the GDPR is enforced. This has been a long time in coming and we should all be well prepared and ready. The stark reality is that very few of us are and a lot of us are starting to panic.

In this sort of situation it is very easy to bury your head in the sand and do nothing – but the key here is to do something, in fact – do anything. If you do nothing and you get caught out, the ICO will not be amused and there is a strong likelihood you will face an embarrassing situation and a nasty fine.

So – do what? There are a lot of companies offering all sorts of advice and the situation is a bit of a bun fight. Companies are falling over each other to make money from this ‘opportunity’. Some of the advice is sound but none of it can be 100% accurate as the regulation itself is complex, hard to interpret, impossible to take to the letter and there are no real precedents for its enforcement.

What we are recommending is to get your business through the Cyber Essentials with IASME Governance Standard and GDPR readiness self-certification. This opens up a can of worms though, as even that is not easy to do. It is 171 questions that lead to more questions.

The key thing here is to make a start. The ICO is going to start getting heavy on businesses who are flouting the regulation, but I would think that they will not be heavy handed with any company who is at least doing something. There are an awful lot of companies out there who are doing very little and burying their heads in the sand.

A link to the questions is at the bottom of this article. Note the red ones for IASME governance and the blue ones specifically for GDPR. We are teaming up with a company that can process the answers and help us get you through this. If you go direct to IASME you pay £400 but only get two attempts at it, which have to be made very close together, or you have to apply and pay again.

If you want us to help we would need to arrange some time to go through the techie aspects – some people refer to this as a ‘Gap Analysis’ and then start the process of getting what you need in place.

However, about half the questions are down to processes, procedures and documentation, and this is down to you I’m afraid. If you need it, we can bring in the GDPR specialist we have lined up to do it all.

Please contact us for further information. We’d be happy to help.

Here is some more reading and links to the pdf files:

Free download of Self Assessment questions

Free download of IASME Standard

Apply for self assessment

National Cyber Security Centre Requirements for IT Infrastructure