Time to get compliant


Have you started yet?

Although there are still a little over 5 months to go until the GDPR applies (25 May 2018) to every organisation that processes the personal data of people in the EU, there is a lot of work to be done. Your first step should be a data audit. It will show you just how long the road to compliance is for your company.

The new Rights

The GDPR gives individuals (data subjects) eight rights over their personal data:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to object
  • The right to data portability
  • The right to restrict processing
  • Rights in relation to automated decision making and profiling

Your company stores personal data

At the very least, every business stores data about its employees.

If you store a person's name together with any other data about that person (for example a date of birth, a National Insurance number or their wage), you are storing personal data about that person. Even a handwritten notebook counts if it forms part of a filing system: you will need to have identified it and put processes in place to protect it.

Complete a data audit

A good way to get started

A data audit is a list of ALL the data your company stores, and where it is kept. A lot of it will be out of scope for the GDPR, but only once you know what you have can you decide whether it needs to be protected or not.
Before you start, or during the process, you may decide that you need a Data Protection Officer (DPO) to manage the audit and its outcome. The GDPR makes a DPO mandatory only in specific cases (public authorities, and organisations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special categories of data), but you can appoint one voluntarily. The role carries very specific responsibilities and powers.

Formulate a process and an appropriate response

So now you know how big or small your problem is - what next?

Once you understand the size of the problem you can start to put in place appropriate policies, procedures and security measures. If you have just one spreadsheet that contains all the personal information you store, and only two people have a business reason to access it, then it would be perfectly appropriate to password protect that file in Excel (File > Info > Protect Workbook > Encrypt with Password). On Excel 2007 or later this encrypts the whole file, so choose a strong password, because anyone who obtains the file can try passwords offline, and don't forget it, because there is no way to recover the data without it. Do not confuse this with "Protect Sheet" or "Protect Workbook structure", which only block edits and do not encrypt anything.

Once this is done, give the password to the other person who needs access (not in the same email as the file) and make sure they understand the importance of no one else accessing the data. If you want to go a step further, you could enable file-access auditing on that file so that the system's security log records who opened it and when. For a single file with two users, that would be enough.

In reality, we think it likely you will have a lot more data to deal with, and so the appropriate security, monitoring and encryption will be more complicated, as will the processes you need to put in place to properly manage the data.
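The "see when it's opened" step above, as an added example for a Windows file server (this is not code from the original page or from Fulcrum): it turns on file-system auditing, attaches an audit rule to the spreadsheet so that Windows writes event 4663 ("An attempt was made to access an object") to the Security log on every read, write or delete, and then prints who opened the file in the last week. The file path is an assumption; substitute your own. It must be run in an elevated (Administrator) PowerShell, because both reading a file's audit settings and reading the Security log need that privilege.

```powershell
# Added example, not part of the original page. Run as Administrator.
# ASSUMPTION: the spreadsheet lives at this path; change it to suit.
$file = 'C:\HR\personal-data.xlsx'

# 1. Enable the "File System" audit subcategory. Without this, audit entries
#    on individual files generate no events at all.
#    Success = the file was opened; Failure = someone tried and was refused.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Attach an audit rule (a SACL entry) to the file: log every read, write
#    or delete by any account, whether it succeeds or fails.
$rights = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete'
$flags  = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule   = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule `
                     -ArgumentList 'Everyone', $rights, $flags
$acl = Get-Acl -Path $file -Audit      # -Audit is needed to read/modify the SACL
$acl.AddAuditRule($rule)
Set-Acl -Path $file -AclObject $acl

# 3. Report: every 4663 event from the last 7 days whose "Object Name" is our
#    file, with the account and the program that opened it. The fields are
#    pulled from the event's message text, so this assumes the English
#    event template ("Account Name:", "Object Name:", "Process Name:").
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } `
             -ErrorAction SilentlyContinue |
  Where-Object { $_.Message -match "Object Name:\s+$([regex]::Escape($file))" } |
  ForEach-Object {
    $user = if ($_.Message -match 'Account Name:\s+(\S+)') { $Matches[1] } else { '?' }
    $proc = if ($_.Message -match 'Process Name:\s+(\S+)') { $Matches[1] } else { '?' }
    [pscustomobject]@{ Time = $_.TimeCreated; User = $user; Process = $proc }
  } |
  Format-Table -AutoSize
```

Two practical notes: Excel opens a workbook through a temporary copy, so expect several events per open, and the Security log on a busy server rolls over quickly, so either enlarge it or forward these events to a central log collector if you want a record that lasts longer than a few days.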

How Fulcrum can help

We have 18 years of experience protecting businesses from threats.

Whilst the GDPR is not intended to place an unnecessary burden on businesses, it does address genuine public concern about personal data. Your company's response will let your employees, the public and other businesses know that you have taken the regulation seriously and believe in protecting their data.
At a minimum, you should be implementing the controls set out in the UK government's Cyber Essentials scheme or, better still, getting Cyber Essentials Plus certified. If you are looking for the gold standard in security policy, then you will need to implement your own ISO 27001 Information Security Management System. We can help you implement these controls and give you the tools to fully achieve either regime. There are also a number of alternatives that lie between these two, so there is bound to be an appropriate path for your business. Fulcrum has all the tools you need to get ready for the GDPR.