What is the GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation that is enforceable from 25th May 2018. Its provisions apply irrespective of any Brexit negotiations.
It lays down stringent new conditions for obtaining and protecting data about people as individuals. For customer/client data management, staff records and direct marketing activities, it might mean dramatic changes to processes in daily use.
GDPR compliance is far more concerned with processes in organisations than with IT security; however, IT has its part to play, too. And the penalties for allowing a data breach to happen will be far larger than under previous law.
At Bristol IT Company, we are familiar with the new legislation, and can advise and assist you in implementing any necessary upgrades to your IT security.
It is important to stress, however, that most changes required to comply with the GDPR will be to company processes, rather than technical IT matters. Of particular concern are the auditability of data management processes and the workflow for obtaining and safeguarding personal data sets, and for destroying them once they are no longer required.
It's probably fair to say that the GDPR writes into law what has been, up to now, best practice for the management of personal data. So most of the issues are well understood already.
Your plan for GDPR compliance should be well in hand, but even if it isn't yet, there may be no need to panic. Contact Bristol IT Company to talk about how our Security Operations Portal (SecOps) can help you with all your GDPR documents, audits and processes. More information can be found on our Security Operations Portal page.