This time last year we were being inundated with messages and reminders of the new GDPR that came into play on 25th May 2018 and how you can ensure your business is compliant. What may not have been clear is that keeping compliant to the regulations is an ongoing exercise and not just a one off.
GDPR Recap
GDPR affects all businesses who hold ‘personal data’ (see our GDPR glossary) of any sort, be that customer information, supplier information or even employee information. Since the implementation of the GDPR last year, the advice around it may have gone a little quieter – so here’s a reminder of some of the key takeaways:
Communications
Conditions under which you can contact potential customers (must meet one or more):
- ‘Opted-in’
The way you can market to potential clients has changed under the GDPR. Previously companies would purchase data lists of 1,000s of contacts and send them marketing communications promoting their product and services. Now under GDPR these contacts need to be ‘opted-in’ or subscribed to your mailing list for you to contact them. - ‘Legitimate interest’
You must balance your interests against the individual’s. If they would not reasonably expect the processing, or if it would cause unjustified harm, their interests are likely to override your legitimate interests.(Further details on ‘legitimate interest on ICO website). For example if they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past, it could be said that they have legitimate interest and so can be communicated to.
Data storage and the ‘right to be forgotten’
Getting the consent of contacts to market to them is in itself a challenge – but compliance doesn’t stop after the consent is given. The GDPR means that you have to have records of when they gave consent and how they gave it and be able to remove all traces of their personal data if requested.
Accountability and governance
Ensuring you are complying and can demonstrate compliance. Under this principle is the responsibility of keeping personal data secure and protecting against potential cyber attacks and data breaches.
How IT security can help you comply with GDPR
There are a number of cyber security products and tools that can help you comply with GDPR by protecting any data you have stored on your network.
Security from Sophos
We are Gold Partners with Sophos, a leading provider of IT security solutions who offer a number of products to help you stay GDPR compliant (as well as keeping your business secure). These include:
- Intercept X – secure endpoint devices from unknown threats
- Sophos Mobile – enables remote device wiping and protects from malware
- XG Firewall – block threats before they penetrate your network
Cyber Essentials
We can support you in becoming Cyber Essentials Certified. The Cyber Essentials certification demonstrates to your customers that the most important cyber security controls have been implemented and for UK government contracts is a mandatory requirement.
Staff Training
We provide online, interactive Security eLearning courses to ensure that your staff are not the weak point in your data security.
Bristol IT Company can help support you in your ongoing GDPR compliance using our vast experience in cyber security. We’re supplier independent so we will choose the best solution for your business. Ongoing compliance needn’t be laborious if you engage with Bristol IT.