Now Is Definitely Time To Check You Are GDPR Compliant

It’s been a year since the EU’s GDPR (General Data Protection Regulation) was introduced. Since then, there have been many warnings to organisations to get their houses in order and implement appropriate data protection measures for fear of enormous fines.
 
As promised, the authorities started softly in enforcing and policing GDPR compliance. To date, the fines imposed during the first year of the GDPR totaled €55.96 million (about £47.85 million), and nearly all of that came from a single €50 million (about £42.7 million) fine for Google.
 
The key question now, as that soft start wanes, is: how can you check that your organisation truly is GDPR compliant?  
There are four key areas you need to consider:
 
General Compliance
The GDPR includes 99 articles with hundreds of individual legal requirements, some of which apply only to certain organisations or only in certain circumstances, so it can be difficult to gauge whether you are meeting your obligations.
A gap analysis guides you logically through all the Regulation’s relevant requirements to identify which ones you are meeting and where you are falling short. It gives you instant visibility of your current compliance status and enables you to easily identify the actions you need to take to protect personal data and comply.
 
DSARs
A DSAR (data subject access request) is a request from a data subject, whether a customer, partner, supplier, employee or other stakeholder, for a copy of the personal data you hold and process about them. Under the GDPR, you must respond to a DSAR within one month and free of charge, and you must be able to demonstrate that you have met this obligation.
Clearly, then, it makes sense to have a consistent and, where possible, automated means of responding to DSARs. The gap analysis may identify this as an area you need to work on. 
The point is that, to achieve ongoing GDPR compliance, you need to ensure that every new DSAR is treated properly.
 
Breach Reporting
GDPR compliance requires you to keep a record of all breaches and incidents involving personal data that occur within your organisation, and it is valuable to streamline how you report these to your supervisory authority.
Again, the gap analysis may identify this as an area you need to work on, but to maintain ongoing GDPR compliance, you need to ensure that your recording and reporting processes are adhered to every single time.
 
Third-Party Management
It is important to remember that the chain of responsibility for GDPR compliance stretches beyond the boundaries of your organisation to any third-party partners or suppliers that are involved in processing personal data. You need to be able to monitor these and ensure that they are contributing to, not damaging, your own GDPR compliance.
 
Only by taking a logical approach to all four of these areas can you be sure that your organisation is truly GDPR compliant, and only by reviewing them on a dynamic, continual basis can you be sure that you are maintaining compliance.
 
Now is the time to check your GDPR compliance – here is the European Union Official GDPR Checklist 
 
Security Boulevard
 