Despite a lot of the fanfare and marketing hype, it is not too late to get started on General Data Protection Regulation (GDPR) processes and policies. Here we highlight some excellent resources to help you.

GDPR is similar to something already in place called the Data Protection Act in the UK since the 1980s. The GDPR driven by European Union (EU) will strengthen, update and supercede the Data Protection Act on the 25th of May 2018. Even with Brexit, the UK will still need to abide by these rules.

Existing Framework

Your business might already have some of the following that can be used to formulate a company GDPR policy or incorporate them into existing ones.

• Staff handbook
• IT policies covering security and data
• Disaster Recovery Plan
• Operating procedures
• Also, see IT Services to help with your GDPR preparations

Overview

One of the first places to start is the 11 page PDF from Information Commissioner’s Office. The guide will give you an excellent summary of the regulation.

Preparing for the General Data Protection Regulation (GDPR) 12 steps to take now

Carry out a data audit

Think about the information and data in your business. Ask yourself the following questions

• Where do you keep company data?
• What type of data is recorded?
• How is data captured?
• How is transmitted to 3rd parties?
• How long do you keep data, the retention policy?
• Security of company data?

Are you data controller or a data processor?

Example scenario – You outsource your company payroll to another company. They will need personal employee data to pay your staff wages. Your organisation is data controller of this personal information, and the outsourced payroll company is a data processor. You control the data, it belongs to your organisation or should we say, you are guardians of that personal data? The outsourced payroll company is simple processing that data on your behalf.

Software vendors and Cloud Service Providers

Many popular cloud providers and software vendors have dedicated sites outline how their services can be made GDPR compliant. Some provide auditing tools to help you with implementing GDPR procedures, such as centralised search, data retention policies and deletion of data.

• Microsoft GDPR
• Google GDPR
• Dropbox GDPR
• Sage GDPR

Check Lists

• GDPR checklist for data controllers and processors
• GDPR Checklist – Norton Rose Fulbright
• Checklist for tasks needed in order to comply with GDPR
• DMA – GDPR Checklist

Videos

HPE overview in less in 90 seconds

Introduction to GDPR from Federation of Small Businesses

Microsoft Office 365 and GDPR

Understanding GDPR and the tools in Office 365 and beyond to help meet its requirements

Latest on GDPR at Microsoft

Official Regulation

Download the Official Regulation

Disclaimer: The information onsite this site is for your general guidance only and is not and shall not constitute legal advice. If you need information on your rights and responsibilities around data protection matters, please obtain specific legal guidance and contact an adviser or solicitor.

If you would like to learn more about GDPR, security and data compliance, then please contact David or Jamie on 0330 058 1701 or email sales@dunedinit.co.uk