31 August 2018

Three months post-GDPR - Are you still compliant?

With over three months having passed since the GDPR came into force, IRM poses the question: are you managing to maintain GDPR compliance?

The GDP-what?

The EU GDPR deadline may feel like ancient history, but many companies are still getting everything in order over three months later. This disorder is highlighted by an Infosecurity survey which shows that over 1/4 of organisations are not confident that they will pass their first GDPR audit. These concerns may stem from the fact that it’s not simply about becoming GDPR compliant; it’s about maintaining compliance over time.

Finding an efficient way to manage your compliance can seem daunting. With scaremongering tactics over fines and penalties, it can be tricky to find a positive, manageable and efficient solution. Despite this, it’s hugely beneficial (and vital) for organisations to find the right solution to maintain GDPR compliance.

Data means everything

Your organisation isn’t alone if it finds storing and transferring data the biggest challenge when it comes to the GDPR. The data of all EU residents needs to be held securely and lawfully. Organisations are increasingly under scrutiny to produce evidence of effective controls in this area.

The chances are, you are processing more data than ever before. Don’t make the mistake of thinking GDPR doesn’t apply to you if you don’t store customers’ personal information. It’s important to still put measures in place to safeguard data.

Cyber security should be top of the list on your GDPR compliance journey. By building up your defences, you can drastically reduce the risk of your data being breached. In the unfortunate event a hacker does get through, you will be able to prove to governing bodies that you had appropriate measures in place.

GDPR punishment in action

Many thought that the threat of fines for the new data protection regulation was simply an intimidation tactic. Despite this, many big and small companies have since suffered the consequences of their GDPR non-compliance.

In one example, Everything DM Ltd was recently fined £60,000 by the Information Commissioner’s Office. This was after the company sent 1.42 million emails to customers without consent between 2016 and 2017. Despite the emails being sent pre-GDPR, this fine highlights the ICO’s commitment to legislation.

What now for GDPR?

Perhaps you’ve already put some actions in place to certify marketing permissions and opt-ins for your data. Have you thought about processes going forward? Whilst it’s great if elements were put in place to ensure your organisation’s compliance for the May deadline, it’s important to continue implementing policies and procedures. These will ensure that your staff are fully trained on the regulation, with little room for policy breaches.

Implementing policies and maintaining good practice ready for audits can seem like a big mountain to climb. However, technology solutions available on the market can help simplify and automate your journey to data management compliance.

A possible solution

The IRM SYNERGi platform is a complete governance, risk and compliance programme. It’s designed to establish relevant controls, manage incident response plans and assist with GDPR compliance. With pre-built templates for compliance questionnaires and self-assessments for EU GDPR, SYNERGi takes the complication out of ensuring your organisation’s security.

Purchasing a technology solution like SYNERGi means you can:

  • map out your data assets
  • establish high priority assets
  • define implementation activities, roles and responsibilities and controls

How can SYNERGi help?

Our fully trained experts can help you analyse the vast amount of personal data your organisation holds in multiple locations. Using this skillset alongside SYNERGi allows you to record your information assets and map them to your hierarchy. In turn, this provides a realistic and up-to-date view of the information assets your organisation holds. You can easily track what data you have, why you have it, what it is being used for and whether consent is needed.

If you are interested in learning more about SYNERGi’s GDPR suite, click here to contact us. We will put you in touch with one of our experts who can discuss your individual needs and provide you with a SYNERGi demo.