The General Data Protection Regulation (GDPR) will come into action on 25th May 2018 and it is important that every organisation takes note of what it will include.
Many of the GDPR’s main concepts are similar to those in the Data Protection Act, so if you are currently complying properly with the DPA then most of your approach to compliance will remain valid under the GDPR. However, there are new elements in the GDPR, so you will have to do some things for the first time and some things differently.
So here are 5 things that you need to do to prepare for the introduction of the GDPR:
1) Awareness
You need to ensure that the decision makers and key people within your business or organisation are made aware that the law is changing and let them know the impact this will have.
2) Information you hold
You make note of the personal data that you are currently holding, the source of that data and who the data is shared with.
3) Processing personal data
You should identify how your organisation goes about processing data, document it and compare this to what is advised in the GDPR then make any relevant changes.
4) Data breaches
You need to make sure you that have the right procedures in place to detect, report and investigate a personal data breach. Create an action plan for what you would do following a breach of data at any size.
5) Data Protection Officers
It is important to designate an individual within your organisation to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure. You should consider whether you are required to formally designate a Data Protection Officer.
How can Key Digital help?
Key Digital can help to ensure that your IT infrastructure is configured robustly to minimise areas of risk, such as avoiding data loss through unencrypted hard disk drives and USB ports. Our print management software allows documents to be securely released on demand to avoid private and sensitive documents being left on output trays, and can provide detailed insights into the type of information that is being printed.
Breaches of data within an organisation are often from an internal source. Key Digital will help you to put measures in place to help identify the source of a data breach should it originate from a printed document. Digital signatures can be enabled to help you to identify who printed a leaked document and what else that user was printing leading up to the data breach, thereby mitigating further risk of data loss. A print audit can also form part of the organisation’s wider information audits to ensure you’re on track for compliance.
It should be stressed that compliance with GDPR is not available as a complete product/software-based solution and will only be achieved with a combination of awareness and appropriate processes. Technical solution will simply make those processes more practical and efficient.