With T minus 15 months before the new European General Data Protection Regulation (GDPR) comes into force, the role of Data Protection Officer (DPO)- Head of GDPR if you will -is an unenviable task. Ensuring clients have opted in, ensuring clients can opt out, aligning process with technology, and training staff are just a few tasks that need to be completed by March 2018.
As you can imagine this is certainly no mean feat when you have the threat of unprecedented fines being waved at you. If overcoming this isn’t daunting enough, the real challenge comes with securing personal information that lives in a place where you don’t have complete control – Public Cloud platforms, SaaS applications- apparently this is still DPO's problems.
To achieve GDPR compliance it’s critical to gain a clear understanding of the scope of sensitive data and how this information moves both within and outside of your organisation. Building in controls such as ISO27001, Cyber Essentials, and extending this to third party supplier contracts, will ensure the data governance and security principles that you maintain within your organisation are adopted by parties outside of your control. A clearly defined process alongside information security user awareness campaigns will help any DPO in their ever changing, ever growing role.
- By Martin Collins, Head of Networking and Security
Start Your Journey to Compliance
Ultima’s team of Security and Risk consultants have tailored GDPR Jumpstart packages that will help identify gaps in your GDPR position. We've included some helpful resources below to help get you on the right path to GDPR compliance.
The first step in preparing your organisation to comply with the EU General Data Protection Regulation (GDPR) is to understand exactly where data comes into your organisation and its journey through your organisation.
Cyber Essentials
In conjunction with CESG, the UK Government has developed the Cyber Essentials Scheme for organisations of all sizes looking to confirm they have correctly implemented cyber security controls. Through the Scheme, your organisation can verify its cyber security protection measures across 10 key areas.
Security Threat Analysis
The network security landscape is changing on a daily basis. Ultima can help baseline your security infrastructure to help protect you from future threats.
User Awareness Training
As an organisation’s most important asset, it is vital that information is adequately protected by IS professionals who can assure its confidentiality, integrity and availability.