Anyone who takes even just a passing glimpse at the business press will have noticed that the subject of GDPR has been pretty much inescapable over the last 12 months.
It’s fair to say that anything that could be written about this new wide-ranging EU data protection regulation has now been written, and we’ve covered it right here on this blog, so we won’t go over old ground. However, it can be aptly summed up by the statement that any organisation that processes personal data has a legal requirement to respect individuals’ privacy and secure their data.
However, we’re now just a month away from GDPR implementation this May and at DCS we’re still speaking to plenty of businesses who maybe feel they’re not quite ready. Now, these states of readiness do vary wildly from the completely unprepared (and even dismissive) through to those who feel their preparations just need a bit of polishing ahead of implementation.
Obviously, as a business technology solutions provider, we have been questioned at length by clients on the role our solutions can play in helping them to achieve compliance. Our initial answer to all of these enquiries has been the same though: while technology is an enabler, it will only ever be part of an overall solution, as GDPR compliance is also about business processes.
Just as no single piece of software, system or consultancy service can guarantee complete information security, neither can any of them guarantee GDPR compliance. Instead, organisations need to ensure they have a comprehensive understanding and mapping of the data assets they hold before taking action to protect them, minimise the risk of a possible data breach and put adequate plans in place to ensure business continuity.
Determining how GDPR compliant or ready an organisation is requires companies to look at their current processes and procedures, and ensure they have adequate protection and detection in place.
As the critical business systems we implement and support, such as SAP Business One and Sage 200, sit very much at the centre of our clients’ plans for managing GDPR, we have already been involved with several projects to assist clients in their own drives for compliance. Having developed a tested approach to this process, we’re now pleased to offer this service to all of our clients as a packaged consultancy offering.
Below is a brief overview of what DCS will deliver for you as part of our 3-stage approach:
Stage 1: Introduction to GDPR and workshop
- Review key terms and principles of GDPR
- Walk through data protection impact assessment with your department managers
- Provision of further templates and how to complete them. Discuss internal processes, e.g. breach process, right to erasure, right to be forgotten
- Discuss departmental scenarios and activities required for each team to complete their own data protection impact assessment
Stage 1a: Return visit to review assessment templates completed post-workshop
Stage 2: Off-site review of completed templates, creation of report and risk profile
Stage 3: Presentation of report back to the business + follow-up on Q&As raised during the process.
- Review risks identified from data review exercise and proposed mitigating actions
- Plan progression of actions/next steps/dates
If you think that you could benefit from the assistance of DCS as you continue your preparations for GDPR, be that ahead of implementation or following on from it, then don’t hesitate to contact us today and we’ll be happy to discuss how we can help.