
Who Is Responsible For GDPR?

Categories: Business Risk, Cyber Security, GDPR, Supply Chain Risk

Just who is responsible for GDPR in a company? Everyone, starting at board level and working down.

GDPR In The Press

There was a flurry of press coverage, interviews, radio and TV coverage recently as the ICO began their campaign to make businesses and other organisations aware that there is now less than 200 working days until the EU General Data Protection Regulation (EU GDPR) and the new UK Data Protection Act become law on the 25th May 2018.

But here at Risk Evolves HQ we sighed with frustration and gnashed our teeth that the wonderful BBC continue to report this as a technology story.

Once more the responsibility for all things data related is expected to fall on the shoulders of the much maligned IT Department / Provider. As we have highlighted previously, the entire organisation has a responsibility.

Who Will Be Affected By GDPR?

The EU GDPR will touch every aspect of the organisation and it is important that organisations begin to work on a strategy now. And we very deliberately say ‘organisation’ as the new laws apply to all organisations – commercial, public sector, charities, not for profit, education, SMEs, sole traders – you name it, it is likely to affect you. In brief, anyone who collects and processes data, regardless of the organisation’s sector and size. And regardless of whether it’s digital (i.e. on a computer) or on paper.

The EU General Data Protection Regulation (EU GDPR) and the new UK Data Protection Act become law on the 25th May 2018.

The golden rule – if you have data that can identify an individual, then the data is personal. This could be through name, address, IP address, fingerprint etc. Personal information needs to be treated and respected in the same way as any other company asset: with care and respect, protecting it from damage or theft.


Why is GDPR more than just an IT Manager’s Issue?

  • Human Resources / Personnel: they should manage starters and leavers to the organisation, ensuring that new starter information is correctly managed, and that employment contracts and induction programmes make individuals aware of their responsibility to manage data as an asset. They may need to gain consent from the individual for DBS checks and DVLA checks, and gain authorisation to process data for payroll, reassuring them that it will not be misused. If you provide information to pension providers, or companies that provide health care benefits, are their systems secure? What are they doing as data processors to protect individuals’ information?
  • Training: the ongoing education and training of staff to ensure that they understand how data can and cannot be managed. This needs to include information on what to do if they think that they have lost data.
  • Procurement: they should ensure that any third parties who may be used to process data follow the same ethos, that the data is protected, not shared with others, and that only the information that is required is passed to them. Equally, if they lose data, suffer a ransomware attack or suspect that their systems have been compromised, how will this be communicated to you as the data controller? And if you have outsourced your IT, does the provider have the correct processes and systems in place to manage your data securely?
  • Legal: are the contracts that are in place with customers and suppliers robust enough in the new era?
  • Marketing: similar to the current legislation, marketing has to change to ensure that only customers who have positively opted in to mail (both online and postal) campaigns receive emails.
  • Security: are the office and other premises secure? How is physical data (i.e. paper, old laptops etc.) destroyed?

… The list goes on …

Management NEED To Take Ownership Of GDPR

However, absolutely key, the management team need to demonstrate to customers and employees that they are serious about the new legislation by taking ownership of ensuring that the resources are available to support it. This responsibility cannot be abdicated, and in some instances they will need to assign the role of Data Protection Officer to an individual who can join them at Board level.

This is clearly not solely a technology challenge! It is possible to avoid the over-reported threat of fines by taking some straightforward and pragmatic steps now.

We understand that these changes all sound daunting, regardless of the size, sector or turnover of your organisation. However, help is at hand. Contact us to find out how the new legislation and regulations apply to your organisation, and for information on our no-nonsense approach to becoming compliant.


Cyber Security For Small Business

Small Business Cyber Security

Categories: Cyber Security, Featured news, Supply Chain Risk

There is a dangerous trend emerging in small business cyber security…

So many SMEs like you are working in the belief that “it won’t happen to me…”

But as we enter 2017 you cannot get away from the continued warnings about cyber risk and cyber threats; the amount of information is frightening.

Are you carrying on with known or unknown weaknesses in your business’s systems and processes?

If you know the weaknesses then you only have yourself to blame, but the scariest problem is the weaknesses you don’t know that make you vulnerable to a cyber attack.

The Landscape of Small Business Cyber Security

The landscape for cyber threat is rapidly changing as is the nature of a cyber criminal too.

No longer is it a chancer trying to hack your system because they can.

Now it’s as likely to be an organised professional criminal with multi-millions as the prize; and of course the more they gain, the better and bigger their cyber and hacking abilities become.

Stats released for 2016/2017 around cyber threats were astonishing and in particular the growth in the last 3 months of the year.


What is Supply Chain Risk

Categories: Business Risk, Supply Chain Risk

What is supply chain risk?

The phrase ‘supply chain risk’ is one that is now heard in the news with increasing frequency. But what is it, how can it affect small businesses, and what should we do to manage it?

Supply chain risk is the potential for a business to be damaged by an unknown problem within its supply chain. Essentially it might not directly be your fault, but you should have had procedures in place to check. Remember, it’s always your reputation that could be damaged first.

Supply chain risk in Supermarkets & Fashion

Who can forget the media frenzy when horsemeat was found in frozen products like burgers and lasagne sold by the major supermarket chains? Our trust as the paying public in the organisations who supply these goods changed, driving the supermarkets to change their processes.

Since that scandal in 2013 the way businesses manage and consider who is in their supply chain has changed. As a direct result, a number of supermarkets were forced to learn lessons on how they interacted with their suppliers. Roll forward to 2015, and a new debate on food waste and the fate of ‘wonky vegetables’ commences.

We are now much more conscious of where our produce has been sourced, the contents and the ethical nature of how it has been produced.