If you process personally identifiable information (PII) in the UK, then you should already be complying with UK legislation – specifically, the Data Protection Act 2008.
However, the General Data Protection Regulation (GDPR) tightens up the control and processing of data for all EU citizens. It is the consequence of the EU’s desire to guarantee individuals’ privacy rights in a digital world.
The biggest difference is that GDPR has teeth. Effective in May 2018, the GDPR requires mandatory notification upon breach, with penalties of up to 4% of global turnover or €20 million – whichever is greater. Custodial sentences will also still be possible for data protection breaches under other UK legislation.
While most, if not all, businesses have begun to understand GDPR, many are simply not prepared. No doubt your firm stores vast amounts of information on clients, much of which would be considered sensitive data.
Not only is this data held centrally, but it also needs to be accessed by people on the move using mobile devices, via email and other channels. Even the most diligent firm is likely to have compliance gaps unless it is already well underway with its plans. Put simply, there is a lot to do, and it takes time.
To be GDPR compliant you’ll need to demonstrate accountability for how you store, maintain and protect both your client and employee data. You shouldn’t underestimate the effort required to develop policies, embed new processes, educate staff and ensure the right security and encryption are applied to all your devices.
There’s no doubt your firm could implement these changes itself. There is a wealth of information online if you have the time and resources to plough through the detail. Yet there is no overarching standard or template: you'll have to work out your approach on your own.
If this doesn't sound very appealing, you can turn to experts like Oosha to help accelerate your readiness and keep you compliant. Not only does this leave you free to focus on running your business, you’ll also have the peace of mind of having a GDPR specialist on hand to provide ongoing advice and support.
Our GDPR services come in two parts. Firstly, we help you accelerate your GDPR readiness and then provide ongoing support to help you stay compliant.
We'll help you assess your current compliance gaps, provide detailed recommendations and support the activity required to get your firm GDPR ready:
- 5-7 day GDPR compliance gap analysis (onsite & remote)
- Cyber security gap analysis
- Network assessment and penetration testing (optional)
- Full gap analysis report with detailed recommendations
- 12-step remediation roadmap (policies, processes, IT security, etc.)
From 25 May 2018, you'll need to ensure you continue to maintain your GDPR compliant processes and manage any incidents in accordance with GDPR guidelines. Oosha provides a comprehensive service to support you, which includes:
- Virtual Data Protection Officer (DPO)
- Quarterly remote consultancy & compliance health-check
- Annual onsite audit and review
- Data breach incident response management (5-24 hours)
- Onsite forensic support
- GDPR staff awareness training (online)
- Risk intelligence network monitoring
We can also support you with a range of additional services, such as:
- Device encryption & lost device data deletion (laptop, mobile, PC, etc.)
- Mobile device management
- Email archiving & protection
- Comprehensive Data Protection Officer training