With the initial panic to ‘comply’ with GDPR now over, it is increasingly seen as a day-to-day compliance matter. Of course, this assumes that organisations have the correct processes embedded in their day-to-day business and that their staff are trained on, and aware of, the implications. We still find there are many questions around what the correct approach is, so our Managing Director, Bruce Penson, gives his low-down on the post-GDPR landscape.
Q: How far would you say businesses have gone to implement the GDPR?
It’s a bit of a mixed bag, but I would say the majority of businesses have done ‘something’, although often it is just so they have some documentation in place they can use to cover themselves should they be audited. This does not provide any real benefit to the business – that should come from improving operating procedures and training staff.
Q: What are the key dangers in not being compliant with the GDPR?
The biggest danger is damage to reputation. One of the main goals with the introduction of the GDPR is raising awareness of the need for data protection and good security practice. If as a business you are looking for a new supplier, there is a good chance that you will now use data protection and security compliance as one of your selection criteria. It follows then that not having the right processes and procedures in place could lead to missing out on business.
Q: What are your top tips for clients to be compliant?
There is a whole host of information, checklists and compliance packs available on the internet to help guide you through the GDPR process. It can be very confusing, and many of them offer conflicting advice. The truth is, there is no one way of achieving this.
Our advice is to certify your business against a recognised information security standard such as IASME Governance GDPR; that way you can be sure you have followed best practice. You will also receive a certificate you can use to demonstrate to business partners that you have done it correctly.
Also be sure to check that your Information Security Policy and Business Continuity Plan are up to date.
Q: How has GDPR affected the way Pro Drive IT does business in the past few months?
Operationally it has not changed us significantly as we handle a lot of sensitive client data and have always had very strict internal procedures in place to handle this. However, we have become more formal in our processes in training staff and are spending more time educating them on our policies and procedures in order to help further reduce the risk of any kind of data breach.
Q: Where do you see your services being in demand over the next 12 months concerning GDPR compliance?
I think over time most businesses will want to know that they have the right data and information security measures in place, which will mean them being built into IT systems rather than being a retrofit change or add-on. In doing this, clients will want to be able to demonstrate that they have done the ‘right thing’, which I believe will mean more businesses wishing to become certified against cyber and information security standards such as ‘Cyber Essentials’.
Our GDPR workshops are designed to help businesses understand exactly what they need to do to become and stay compliant. We can also offer advice on training staff, implementing cyber security and business continuity, which go hand in hand with GDPR compliance.