You should already be aware that the new EU GDPR directive becomes law on 25th May this year. There seem to be any number of seminars and discussion groups about what the law aims to achieve and what its implications are for your business. Personally, my advice would be to do some research online if you really want to get into the bones of the new law. I would also be hesitant to attend any sort of conference that is chargeable; the whole GDPR thing, to me, is starting to mimic the “Millennium Bug”, for those of you old enough to remember that. I am sure the speakers at these chargeable events are very knowledgeable about everything GDPR; however, you will more than likely leave the conference still needing to implement a GDPR policy at your business, and that is going to cost you more of your hard-earned cash.
With this in mind, we have an Excel spreadsheet that asks some probing questions about the data you hold, how you use it and what you are doing to protect it. The path to GDPR compliance can be divided into four simple sections:
Discover involves identifying what personal data you have and where it resides. For example, if you use a CRM system to store details on your clients, this needs to be documented: is it entirely in the cloud, like Salesforce, or does it run on the server in the office, like Sage ACT? What about your payroll information; where is that? Remember that your data can be stored on many devices, including servers in the office, the cloud, PCs and laptops, mobile phones, email mailboxes, Dropbox, USB drives, CDs, photocopiers and even CCTV systems (yes, you need to think about your CCTV system), to name but a few. It is also worth remembering that GDPR stipulates that individuals you hold data on can request it at any point, so what procedures do you have in place to export that data and give it to an individual should they request it?
Manage is the process of how you look after your data: who oversees the data? Does everyone have access to all the data, or do you segment it by staff role?
Protect: think about how you protect your data from physical intrusion, rogue employees, hacking and even accidental loss, and look at how you can protect it with password protection, audit logs and encryption.
Report involves keeping records of why you process the data, the type of data being collected about individuals, who you share the data with, where you transmit the data to (other countries), the security measures in place (encryption) and so on.
This is where our free Excel assessment tool can really help: with the correct probing questions and simple Yes, No or N/A answers, you can see a breakdown of which areas of GDPR compliance you need to improve, and it will even recommend actions to help you correct any shortfalls.
Now, this is not a 5-minute job, nor is it a box-ticking exercise; if making your business GDPR compliant were a 5-minute job, the whole aim of GDPR would be flawed. You will need to implement new policies and procedures, and you will more than likely need to make changes to your existing IT systems.
We can help with all of this, so just get in touch, or you can simply use our spreadsheet to kick-start your journey to GDPR compliance. I would, however, recommend that you complete the spreadsheet as a team: get as many of the people who use the personal data you hold as you can to sit down and go through the questions, to try to ensure you cover every angle.
To receive the Excel file simply email GDPR@leapit.co.uk and our systems will automatically send you a copy over email.
I do need to mention the obligatory legal bit that basically makes me responsible for virtually nothing! But this is the world we live in:
The GDPR Excel file is intended to assist organizations with assessing their GDPR compliance progress. The GDPR Excel file is provided for general public informational purposes only. Any results, scoring or recommendations produced by the GDPR Excel file should not be relied upon to determine how GDPR applies to an organization or an organization’s compliance with GDPR, and they do not constitute legal advice, certifications or guarantees regarding GDPR compliance. Instead, we hope the GDPR Excel file identifies technologies and additional steps that organizations can implement to simplify their GDPR compliance efforts. The application of GDPR is highly fact-specific. We encourage all organizations using this GDPR Detailed Assessment to work with a legally qualified professional to discuss GDPR, how it applies specifically to their organization, and how best to ensure compliance.