Has it really been 12 months (effective from May 25, 2018) since the new GDPR (General Data Protection Rules) regulation came into force? Doesn’t time fly when you’re having fun! Although it’s fair to say that the internet giant Google weren’t having too much fun with their €51 million data breach fine (which could have been considerably worse by all accounts).
As GDPR in the news becomes ‘business as usual’, privacy and security now, more than ever, need to become part of every business’s DNA. GDPR is more than just the IT Manager’s issue. The security of data falls across many different departments and job titles in all organizations; there is accountability and responsibility right across the board.
A survey undertaken by Rexel around GDPR found that 49% of businesses have an updated digital data security policy but 75% have not updated their approach to physical data disposal. A whopping 65% confirmed that they had not purchased any paper shredding equipment as a result of the new legislation. It would seem that shredding security levels are not widely understood.
It is time to be fully prepared and secure at all times. The requirement for businesses to have watertight security practices for personal data with respect to collection, storage, access and disposal of information has meant many organisations have found themselves unprepared; nearly 40% of breaches are paper-based.
Part of the requirement is the need for procedures to be in place for what happens in the event of a breach. It’s really important we extend our policies and procedures right the way through our businesses and we don’t overlook security policies and practices relating to the paper-based data we collect – even at our desks.
Consider investing in a GDPR Compliant Shredder to help with your physical Data Destruction.
Office Shredders | http://bit.ly/2D9uJlQ
If you’re concerned about the way your company is processing personal data, here are some ways you can improve your company’s compliance in six steps:
Appoint a Data Protection Officer.
The officer must be fully conversant with the organisation’s responsibilities regarding GDPR and have a thorough understanding of what data within your organisation counts as ‘personal’, where it’s kept, who has access to it and who to report concerns to. The Data Protection Officer does not have to be an employee; you can outsource this function.
Assess your systems.
Review all contracts, technology support, procedures and tools that relate to the processing, handling, storing and deleting of data to enable you to identify any weaknesses or gaps that require changes to be made.
Develop a strategy.
Construct a new strategy that will ensure full compliance with the GDPR. This strategy may encompass new investment in technology, revised staff procedures and responsibility for data processing, and the creation of new roles within the organisation.
Implement a new organisation policy.
The next step towards compliance is to put your plan into action throughout all levels of the organisation. Invest in and introduce new technologies and systems into the workplace. Publish an informative data handling and processing guide.
Launch your new data compliance policy to all staff. Provide training and information guides to employees so they are educated and aware of their responsibilities and of the changes taking place to ensure the company is meeting the requirements of the GDPR.
Review and Improve.
After launching your GDPR compliance plan, it should be continually reviewed and improved, with any necessary improvements made so that your organisation continues to be compliant, successfully and efficiently.
Privacy Filters | http://bit.ly/2HjYnIB
Source via Spotlight – Sharing the Future of Workspaces