In an article for the Swedish Chamber of Commerce, Daniel Teacher, CEO, talks about your business and its GDPR responsibility.
What companies are covered by the GDPR?
GDPR applies to all organisations processing data within the EU. This includes the UK, despite Brexit coming into play. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
The new GDPR could maybe seem a bit overwhelming to some, what is the most important thing for companies to think of would you say?
Treat GDPR as an opportunity rather than a pain. GDPR is giving you an excuse to finally focus on managing your data, and more broadly security across your firm. It’s time to recognise that your data has and is increasingly becoming a much higher-class asset, which needs to be handled in the correct way.
Take the time to understand your data; appoint someone responsible for finding out where and how it is stored, where it came from, and who has access to it. After this, you can start making improvements: reviewing your current privacy notices, ensuring this data is secure, and training your staff on what the changes are.
Some have painted a picture of the new GDPR as something quite daunting and massive and scary with big fines in cases of non-compliance, should companies be scared by the new rules?
Definitely not – the new GDPR isn’t out to get you! The Information Commissioner’s Office (ICO) has clearly stated that this law is not about fines, and issuing fines has always been and will continue to be a last resort. The law focuses on putting the consumer and citizen first; its aim is to reshape the way organisations approach data privacy.
What are the benefits with the new GDPR if any?
There are a number of benefits, including:
- More control over your data and business processes
- Enhanced existing rights of individuals
- Achieving government standards such as the Cyber Essentials Plus certification and PCI DSS
- More effective email marketing via engaging with people who opt in
- Positive organisational change – educating your staff making sure everyone is aware of the changes should create an atmosphere that shifts their ideas about handling data
- Encourage a shift in security culture in general
How important is it that GDPR is dealt with at the top level, including CEOs and CTOs etc.?
This is very important: GDPR needs to be taken seriously, and it is ultimately the key decision makers in a business that will lead this disposition. Especially with new rules surrounding things like consent and privacy notices, business leaders can’t afford to make any mistakes, both reputationally and financially. GDPR is a wide-spanning regulation touching on various parts of all business: employees, processes, the technology that underpins the business and the activities the business partakes in.
Should companies get outside help with GDPR and if so, who could help ensure the regulation is followed?
Firstly, before reaching out for help, you should review what data protection and privacy resources you already have in place – this will stop you from spending unnecessarily. After assessing what you have, and what you need, it would be sensible to reach out to your IT service provider, so they can recommend what the best practice is for you going forward.
As a Managed Service Provider ourselves, we at T-Tech know the importance of IT Security, and adhering to any new regulations. We have helped many of our clients prepare for GDPR by giving them a clear security strategy, and making sure they are aligned with government standards. Whether that be becoming Cyber Essentials Plus Certified, carrying out an entire network infrastructure audit, or security awareness training for their staff, we make sure our clients are compliant.
Is there anything else you think is worth mentioning that companies need to consider when implementing the GDPR internally?
The responsibility is on you for change. You can seek help and advice from experts, but ultimately it comes down to your firm recognising and wanting to improve processes. Also, speak to your clients about their own responsibility – have they thought about it? Are they following the same route as you are to compliance? Your commitment to ensuring your organisation is well equipped for GDPR is a great first step, so if down the line you do face a security breach, it can be managed and mitigated with minimal damage.
You can find us featured in The Swedish Chamber of Commerce bimonthly The Link magazine.