Cyber Essentials – Preparing your IT systems for General Data Protection Regulation (GDPR)

The European Union has devised the perfect tool to safeguard the privacy rights of its citizens and organisations – GDPR.

 Basically, it’s all about the concerns associated with collecting personal data and how businesses are using it.

 The regulations have the power to unify and strengthen the protection over the data of individuals. 

  • On May 25th 2018, the EU GDPR comes into effect
  • Fines of up to €20m or 4% of global turnover are the price businesses could have to pay if they’re not compliant with the regulation.
  • 72 hours is the timeframe within which organisations are required to report data breaches to their local data protection authority

 So, what should you do?

Ask yourself: ‘Are we collecting any personal data?’ There’s a good chance the answer is yes. Some obvious things come to mind when you think of personal data; however, there are newer forms of data which have only really become a thing over the last decade – think IP addresses, cookies, tracking tools such as Google Analytics, and any other digital identifiers.

Make sure you’re telling people what personal data you’re storing about them and what you’re planning to do with it. And remember, consent is key: don’t just assume you have permission to use people’s information. To be compliant with the regulations, you have to explicitly ask for it.

Your legal counsel should be coming to your assistance, as should your HR advisors. Every supplier can also help you with this.

 Cyber Essentials

 Cyber Essentials truly lives up to its name, as it is essential for all businesses to have it, especially now that GDPR is around the corner.

 The Cyber Essentials scheme is a form of accreditation that is acquired as proof that your company adheres to cyber security best practices. It’s an organisational standard against which your company is assessed to identify whether your IT systems are sufficiently secure.

If you want to add this accreditation to your assets, you have a choice of two options: Cyber Essentials or Cyber Essentials Plus (which is a lot more rigorous).

 You can see how this can come in handy, especially with the impending (stricter) GDPR regulations. If you want to ensure that your company is GDPR compliant, Cyber Essentials is one of the best, most reliable answers to the IT aspect of the regulations!

Whether you want to alleviate your anxieties over Cyber Security and Cyber Risk, or you are specifically concerned with being GDPR compliant, the Cyber Essentials scheme is the next key step for you.

 Discover more about the Cyber Essentials scheme at https://www.cyberessentials.ncsc.gov.uk/