General Data Protection Regulation
Since 25 May 2018, most processing of personal data by organisations has had to comply with the EU General Data Protection Regulation (GDPR).
The Information Commissioner’s Office recommends 12 steps to prepare for GDPR:
- Staff awareness
- Understanding and documenting the information you hold
- Privacy statements & policies
- Managing individuals' rights
- Managing subject access requests
- Understanding the lawfulness of processing data
- Managing consent
- Requirements for children’s consent
- Managing data breaches
- Data Protection by Design & Conducting Data Protection Impact Assessments
- Need for a Data Protection Officer
- International transfer of data
Of course, a key part of 'protection by design' is that you need to look after all of that personal data. Part of the solution could be implementing Cyber Essentials, which can also be achieved through adherence to the IASME Governance Standard. Furthermore, because it includes the specific GDPR aspects, certification to the IASME Governance Standard provides a wider governance system for managing the controls that protect personal data.
We can help you at any point in your GDPR project.