GDPR Part 2!
Having a nice summer break?
Looking forward to getting back to the office and getting on with the things that really matter… like GDPR…
But wait a minute, that was so last May’s problem, right?
We have our policies in place – what could go wrong, right??
Many businesses – but by no means all – embarked earlier in the year on the journey to become “GDPR compliant”, and will have assessed what personal data they hold and put policies in place. But have you thought about the need to use that data to do your risk assessments, as recommended by the Information Commissioner’s Office? You know what personal data you hold about your customers, employees, contractors and suppliers, and you have hopefully worked out the legal basis for holding that data.
But have you sat down to think about how and where you hold that data, who has access to it, how secure it is and whether it could be hacked or misused? For example, do you allow employees to take laptops home? Do you password-protect your laptops in case they are lost or stolen? In other words, have you carried out a “risk assessment” to determine whether the various bundles of data are secure: where do you store the data, who has access to it, and how do you transmit it? And what do you then do to make it as secure as possible?
As we have said previously, the Information Commissioner has said she expects businesses not only to determine exactly what personal data they hold but also to assess exactly how they store and use the data, who has access to it and how secure the data is. Businesses then need to think about whether they should update any existing Privacy Policies – remember, the GDPR process is not a one-off project. So if you have started your GDPR journey and have not yet got round to thinking about your Risk Assessment, you need to do so now.
We understand that this journey can be quite demanding (and time consuming!). However, we are here to help ensure your business is in the best possible position for when the Information Commissioner’s grace period hits the end of the road.