GDPR: the path to compliance has just become clearer

Last week the Government reaffirmed its commitment to GDPR in the Queen’s Speech.

27 June 2017

Whilst this was no surprise, the Government did mention other data-related proposals that were included in the Conservatives’ pre-election manifesto, such as:

  • Empowering individuals to have more control over their personal data
  • Giving people the “right to be forgotten” when they no longer wanted a company to process their data – providing there were no legitimate grounds for a company retaining the data
  • Specific guidelines for law enforcement agencies and social media companies.

For organisations already grappling with the task of GDPR compliance there is some good news: for most companies the ‘additional’ proposals in the Queen’s Speech are already covered. Article 17 of GDPR, for instance, already covers at length what organisations must do to ensure ‘data subjects’ have the ‘right to be forgotten’.

We are often asked what key next steps companies must take in order to comply with the 25th May 2018 GDPR deadline, and we went some way to addressing these at an event with Microsoft last week. The key takeaways on the road to compliance are these:

  • Discover: identify what personal data you have and where it resides
  • Manage: govern how personal data is used and accessed
  • Protect: establish security controls to prevent, detect and respond to vulnerabilities and data breaches
  • Report: keep required documentation, manage data requests and breach notifications
One of the key scenarios we looked at in detail (and which touches on points one to three of the above) is how the trend towards so-called ‘bring your own device’ (BYOD) affects GDPR. In our quest to enable employees to be more nimble, choose their preferred device and work from whatever location suits them, it’s vital that governance over our (and, more importantly, our customers’) data is front and centre of mind. And with fines of up to 4% of turnover or €20m, this becomes an even more pressing concern.

We outlined an everyday scenario where an employee decides to leave a business. He hands over his company car keys, yet it quickly transpires that company sales data, key contacts and customer records still reside on the laptop and mobile phone he’d been using. The problem? He owns both devices and there is no way of getting either the devices or the data back – this would be a fundamental breach of GDPR.

We concluded this part of the session by outlining why enterprise mobility tools are so vital to providing firms with this level of control, and looked at how firms can assign user privileges to documents and remotely wipe data on any device using Microsoft Enterprise Mobility + Security.


    Want to know more? Talk to us about how we can help you make your organisation compliant, secure and productive at enquiries@gcicom.net.

     

    Karl Roberts

    Head of Propositions
