Now Is Definitely Time To Check You Are GDPR Compliant

It’s been a year since the EU’s GDPR (General Data Protection Regulation) was introduced. Since then, there have been many warnings to organisations to get their houses in order and implement appropriate data protection measures for fear of enormous fines.
 
As promised, the authorities started softly in enforcing and policing GDPR compliance. To date, the fines imposed during the first year of the GDPR totalled €55.96 million (about £47.85 million); nearly all of that came from a €50 million (about £42.7 million) fine for Google.
 
The key question now, as that soft start wanes, is: how can you check that your organisation truly is GDPR compliant?  
There are four key areas you need to consider:
 
General Compliance
The GDPR includes 99 articles with hundreds of individual legal requirements, some of which only apply to some organisations, or only in certain circumstances, so it can be difficult to really gauge whether you are meeting your obligations. 
A gap analysis guides you logically through all the Regulation’s relevant requirements to identify which ones you are meeting and where you are falling short. It gives you instant visibility of your current compliance status and enables you to easily identify the actions you need to take to protect personal data and comply.
 
DSARs
A DSAR (data subject access request) is a request from a data subject, whether a customer, partner, supplier, employee or other stakeholder, for a copy of the personal data you hold and process about them. Under the GDPR, you must respond to a DSAR within one month and for free, and you must make sure that you can demonstrate that you have met this obligation. 
Clearly, then, it makes sense to have a consistent and, where possible, automated means of responding to DSARs. The gap analysis may identify this as an area you need to work on. 
The point is that, to achieve ongoing GDPR compliance, you need to ensure that every new DSAR is treated properly.
 
Breach Reporting
GDPR compliance requires you to keep a record of all breaches and incidents involving personal data that occur within your organisation, and it’s valuable to streamline how you report these to your supervisory authority. 
Again, the gap analysis may identify this as an area you need to work on, but to maintain ongoing GDPR compliance, you need to ensure that your recording and reporting processes are adhered to every single time.
 
Third-Party Management
It is important to remember that the chain of responsibility for GDPR compliance stretches beyond the boundaries of your organisation to any third-party partners or suppliers that are involved in processing personal data. You need to be able to monitor these and ensure that they are contributing to, not damaging, your own GDPR compliance.
 
Only by taking a logical approach to all four of these areas can you be sure that your organisation is truly GDPR compliant, and only by reviewing them on a dynamic, continual basis can you be sure that you are maintaining compliance.
 
Now is the time to check your GDPR compliance – here is the European Union Official GDPR Checklist 
 
Security Boulevard
 