How One Business Became GDPR Compliant: A Case Study
Last week, we held our second GDPR event in partnership with Microsoft and Mimecast. The event was designed to help local businesses understand the new legislation. Additionally, we provided information on which tools they could implement to aid compliance.
We understand that the GDPR can seem like a complicated topic with a lot of different factors to take into account. Consequently, businesses are often left thinking ‘where do we start?’. With the help of Arden’s GDPR consultant Robert Healey, we have put together an article outlining how one business became GDPR compliant. This should give you an idea of the steps your business can take now to get ready for the new legislation.
Interviews were undertaken at both department and senior leadership level. This helped to identify all areas of data storage and processing and ensure that all elements of risk were addressed when creating the compliance plan.
Processing Records and Compliance Documentation
Information analysis and data mapping (using the questions below) were then completed. This helped to gain a better understanding of the data the business had access to, which data will need to be destroyed, and which will need to be kept under increased security to minimise the risk of a breach.
Product recommendation: Sophos Intercept X and Sophos Endpoint Antivirus will ensure that your endpoints are secure from the latest malware, ransomware and viruses, meaning any data your business stores won’t fall into the wrong hands.
Establish a Data Protection COE
Develop a policy that establishes core principles for the protection of personal data. This, alongside the appointment of a Data Protection Officer, will serve as a foundation for the other, subordinate processes.
Confirm Cross-Border Data Transfers
Ensure that all cross-border data transfers are in alignment with the new rules regarding consent. For employees on the move, SafeGuard Encryption by Sophos can help you to keep individual files secure wherever they go. This will therefore help to maintain compliance even when engaging in cross-border data flows.
Prepare HR-Specific Deliverables
These include employee notices covering consent issues, and procedures for managers, for example on how access requests and other data subject rights should be handled. Other deliverables include updates to your code of conduct and information regarding staff training.
At this point you will be ready to familiarise yourself with the ways in which you can prove your business is GDPR compliant.
Do you need more information about how you can get ready for the GDPR?
We wish to emphasise that Arden Group is a Managed Service Provider and not a legal firm. Therefore, the views presented on this page are not necessarily shared by lawyers or courts.
Arden Group therefore does not guarantee that all information is factual and interpreted correctly. If you wish to ensure that your company is legally covered under the GDPR, consider seeking legal or specialist advice.