Is your businesses yet to make that ‘GDPR Compliance’ step, and may not fully understand the regulation? Please do consider it, as action NOW surely has to be cheaper and less intrusive than LATER?!
The need for your business to be compliant or preparing for it is not just about your business in isolation to the regulation, but instead about the businesses that are up and downstream of you, the data that you share, the way in which you are integrated and connected and of course about how well all staff within the trail are trained on their level of responsibility for the regulation and Information Security. If you are in any doubt or do not share my view follow this link to the Information Commissioners website where you can see the most recent companies that have been contacted – https://ico.org.uk/action-weve-taken/enforcement/.
My colleagues in many different businesses are doing some great work helping businesses gain that full and complete understanding of the regulation using resources such as training and apps and this is something that must continue as businesses and the environment in which we operate changes and grows in both size and complexity.
However businesses also need help and support beyond that point. Help in taking their understanding of the regulation and map that to an effective personal information management system that will ensure their compliance level both within their business and supply chain.
Over the last 18 months I have spoken at many events, carried out numerous Data Protection Impact Assessments, Personal Information Management system audits and conducted in-house training sessions all with the aim of taking businesses beyond that initial understanding of the regulation and enabling them to understand, implement and manage the necessary strategies in their business to reach and maintain compliance at both Organisational and Technical levels.
It is critical that businesses understand that compliance is not a one-off event and must be managed ongoing and to me any compliance strategy, and I have seen many, that does not integrate with business-wide change control, includes the supply chain are not going to deliver and the business may not be compliant as a result.
At TCS we have a well developed and complete offering around GDPR compliance, starting with initial training, implementation of the Data Protection Impact Assessment (DPIA), Policy and Process all the way through to providing you with support if you have an event whether this be a Breach or Subject Access Request, we are here for you and if your compliance needs change or become more complex we have a range of software solutions ranging from Certificate and Supplier management apps though to Virtual Data Protection Officer (DPO) and Personal Information management system tools.
If you get in contact you can be assured of a great level of service and a professional approach at all times.
Director and Consultant, Andrew Pentney