Before we start, we want to point out that our objective is not to scare you; in fact, it is quite the opposite. We want to help! We will be writing a blog post every couple of weeks providing hints, tips and news about GDPR.
The GDPR (General Data Protection Regulation) is coming. Getting ready for it is not a quick process. In 2016 the UK Information Commissioner's Office (ICO) gave organisations in the UK 2 years' notice (104 weeks) to be ready by the deadline of 25th May 2018.
As you will see above, there are now only 44 weeks left to go and many businesses have not even started to assess their current position.
ICO VIDEO: 1 year to go https://youtu.be/vI39FRkM3DA
Early on in 2017, and after speaking to many businesses up and down the country, Lancashire-based HM Network identified that there was a severe lack of GDPR awareness both in the public and private sectors.
As of June 2017, only around 6% of UK businesses saw the GDPR as a priority. With less than a year to go there is no time to waste. When HM embarked on our own journey, we quickly realised that it would require substantially more work, time and energy than we initially thought. It was clear that it was not going to be an overnight job.
The GDPR is the biggest and most important change to the data privacy and data protection regulation in 20 years and requires active participation from every department in your organisation.
As business owners, leaders of organisations and team members, it is essential that you understand that the GDPR is not just Cyber Security and IT related. Yes, those are vital pieces of the puzzle, but they only form around 10% of the overall GDPR program - 90% relates to processes concerning privacy. Please do not presume that your IT team or suppliers will just deal with this.
Most of the work is in educating and re-educating everybody in your organisation: training, checking contracts in your supply chain, putting into place policies and procedures and, most importantly, understanding the consequences. This is an organisational culture change regarding how personal data is acquired, managed, shared and retained.
Brexit will not change the GDPR, which will replace the current Data Protection Act 1998. With severe fines of up to £17 million or 4% of Global Turnover, whichever is greater, even a simple human error could be costly in terms of monetary fines and company reputation.
Almost everything you do will need to be re-considered. What data do you have, where do you store it, how do you handle it, who has access to what? We are not just talking digital either. With this level of scope, tight time and resource pressures and the need for a high-quality solution - where do you turn?
There is an abundance of information available including some excellent free “self-assessment tool kits” to help you on your way. The collection HM Network have put together for you has been arranged into sector specific groups for your convenience.
The first step is to SHARE this information across your organisation - you are ALL involved.
FREE ICO TOOL KITS: http://www.hm-network.com/free-gdpr-tool-kits/
Completing a self-assessment relevant to your business or role will give you an idea of where you are now, helping you focus your efforts on areas of greatest need. Self-assessments alone are good but are not interactive when you need guidance.
You might need help to interpret what the regulations mean to your specific organisation - help with process templates or building training programs. You will most likely benefit from an expert who can listen to questions you may have and provide practical guidance and best practice, maybe even templates to follow.
Not necessarily. As we mentioned earlier, this will take a lot of planning and resource so should not be left until the last minute. GDPR will be replacing the DPA (Data Protection Act) and PECR (Privacy and Electronic Communications Regulation), which include fines of up to £500,000 for non-compliance.
If you would like to see examples of action and fines already being issued ahead of GDPR, check https://ico.org.uk/action-weve-taken/enforcement/
You might already have relationships with specialists in certain fields who can help with questions you may have. Talk to them to address areas that need attention. If you don’t already have a team of professionals on hand, HM Network can help. We took the initiative to assemble the group of specialists for our GDPRExpress Sessions.
We held 3 events in June and had over 150 attendees. GDPREXPRESS events include advice from professionals who already understand the regulations and can help you get your businesses on the right track.
There is no magic button, but with the right help and support you can be in a much better position, faster and at less cost and risk. We will run regular sessions around the region over the coming months; just look up the hashtag #GDPRExpress on social channels including Twitter, LinkedIn, Facebook and Eventbrite for news and upcoming events.
Ultimately it is up to you how you address the GDPR and who you choose to help you.
If you do want help with certain pieces of the puzzle, or want an end to end solution including detailed assessments and training – contact us and let's discuss your situation - we can help in areas including: Connectivity, Legal, Cyber Security & InfoSec, Cyber Crime, IT Recycling & Data Disposal, Data Protection Officers & Training, Compliance, Business audit services including marketing & selling, plus keeping you up to date with Lancashire business resources and funding.
Please contact us if you have any questions, would like to know about upcoming #GDPRExpress sessions or would like a consultation in any of the areas above. You can email us at email@example.com or call 03333 444 190.