
Steps to take to become GDPR Compliant…

Here are 6 steps that you should undertake to work towards becoming GDPR compliant…

Becoming GDPR Compliant

A question we’ve been asked a lot recently has been ‘Can we use your GDPR documents to pass on to our clients?’ The answer is no…! Each business will have its own policies and procedures to follow, will use different suppliers and will handle data in its own way. It is also extremely important that you have your own understanding of the GDPR rather than simply lifting pieces from here and there…

Step 1: Educate
It is vital that everyone involved in the day-to-day running of your organisation is aware of the new rules surrounding data protection and what is involved in becoming GDPR compliant. The ICO & EUGDPR websites are a good starting point. If you have time to attend a GDPR seminar or workshop, the information provided can be invaluable. Eventbrite lists events all over the country…

Step 2: Review Current Policies & Procedures
Once you understand what the GDPR entails, it’s time to audit how data is currently handled across your organisation. You should consider what types of information you currently collect from your customers and where that information is subsequently stored.

You should make sure that any sub-processors of your customer data adhere to the GDPR too – if data is misused further along the chain, joint liability could see you in trouble should a data breach occur.

The GDPR places a strong emphasis on consent – if you run marketing lists you need to ensure your customers now opt in to receive emails and agree to their data being stored. This has a knock-on effect on your current privacy policy too, which is a document that will need to be updated to become GDPR compliant.

Step 3: Mitigate Potential Breaches
The GDPR aims to make organisations accountable for breaches and loss of data. If you come under investigation or assessment it is likely to stem from a data breach. You should reduce the likelihood of such a breach by lowering the risk of cyber fraud, hacks and internal threats such as employees leaving data unsecured.

Step 4: Evaluate your GDPR Risk
Personally identifiable information (PII) is any data that could potentially identify a specific individual or distinguish one person from another. This information is split into 2 areas: sensitive and non-sensitive. Sensitive information is data that could result in harm to the individual whose privacy has been breached. It is therefore important to ensure this data is encrypted both in transit and at rest. Now is the time to reset your passwords, ensure laptops are locked when not in use and decide who has access to your client data…

Step 5: Identify and Secure your Data
Following on from step 4, the first step to securing your data is identifying and understanding what it is and where it is. You should compile a list or report showing your data processes so you know where the data is located and how it can be properly protected. Protecting it may involve encryption and restricted access. Your sub-processors should also be included – where do you share your clients’ data? Is each sub-processor committed to being GDPR compliant? Do you have contracts in place with these sub-processors?

Step 6: Proving you are GDPR Compliant
A key aspect of GDPR compliance is being able to demonstrate the steps taken towards meeting the GDPR’s requirements. You need to be able to provide supporting documents to auditors if required. At Clook, for example, we would be able to present our re-written terms of business, a revised privacy promise and our internal policies and procedures, written in line with our ISO 27001 accreditation.

There are many things that a business is required to do to ensure data is secure. Applying these steps and others will not only prepare you for the legal change the GDPR brings, but will also give you a better footing and understanding of security as a whole. Putting the correct strategies, policies and systems in place now will keep your organisation secure for years to come…


Clook Internet is a trading style of Sub 6 Limited. Registered in England and Wales Registration No 4439133 | VAT Registration No 844 7894 73