27th June 2017

By Karl Roberts – Head of Propositions, GCI.

Last week the Government reaffirmed its commitment to GDPR in the Queen’s Speech. Whilst this was no surprise, the Government did mention other data related proposals that were included in the Conservative’s pre-election manifesto such as:

  • “Empowering individuals to have more control over their personal data”.
  • Giving people the “right to be forgotten” when they no longer wanted a company to process their data – providing there were no legitimate grounds for a company retaining the data.

There were also specific guidelines for law enforcement agencies and social media companies.

For those organisations already fraught with the task of GDPR compliance then there is some good news – for most companies the ‘additional’ proposals in the Queen’s Speech are already covered. Article 17 in GDPR for instance already covers at length what organisations must do to ensure ‘data subjects’ have the ‘right to be forgotten’.

We are often asked what the key next steps companies must take in order to comply with the 25th May 2018 GDPR deadline and we went some way to addressing these at an event with Microsoft last week. The key takeaways on the road to compliance are these:


  • Discover – identify what personal data you have and where it resides
  • Manage – govern how personal data is used and accessed
  • Protect – establish security controls to prevent, detect and respond to vulnerabilities and data breaches
  • Report – keep required documentation, manage data requests and breach notifications


Microsoft has produced a handy GDPR guide at the following link:

One of the key scenarios we looked at in detail (and which touches on points one to three of the above) is how the trends towards so-called ‘bring your own device’ (BYOD) affects GDPR. In our quest to enable employees to be more nimble, choose their preferred device and work from whatever location suits them it’s vital that governance over our and (more importantly our customers’) data is front and centre of mind. And with fines of up to 4% of turnover or €20m this becomes even more of a pressing concern.

We outlined an everyday scenario where an employee decides to leave a business. He handed over his company car keys yet it quickly transpired that company sales data, key contacts and customer records still resided on the laptop and mobile phone he’d been using. The problem? He owned both devices and there was no way of getting either the devices or the data back – this would be a fundamental breach of GDPR.

We concluded this part of the session by outlining why enterprise mobility tools are so vital to providing firms with this level of control and looked at how firms can assign user privileges to documents and remotely wipe data on any device using Microsoft Enterprise Mobility + Security.

It’s not too late to start your journey to GDPR compliance – Talk to GCI about our managed solution can help you make your organisation compliant, secure and productive – Email to find out more.

Free BYOD and GDPR eBook

Karl Roberts is Head of Propositions at GCI.

He heads up propositions for GCI, and has been involved with Voice Communication and Customer Experience technologies for 25 years. Karl has digitally transformed the largest Cloud Contact CX platforms in Government, designed Europe’s first passive biometrics banking service and pioneered ideas around intelligent meta-bot interactive assistants using Echo and Skype as a personal tax assistant.