Who will keep you out of trouble with the GDPR?
Mary Worthington, cyber security specialist at Sanderson Plc
As of May next year, a new General Data Protection Regulation will be changing the way businesses have always handled data. The deadline is looming and the threat of huge fines for non-compliance is pushing organisations to act quickly. So, what are the most important things you should be doing now to get GDPR ready?
The new regulation will, in essence, act as a more comprehensive extension of the data protection acts we already have. With the ever-increasing threat of cyber attacks and several high-profile security breaches already recorded this year, the need to protect our data has never been greater.
A pressing problem for most businesses is where to start with GDPR when they don’t know what data they currently have or how they are handling it. The even bigger question most organisations will face is who will actually handle this mammoth task.
What are your current capabilities?
Before GDPR has everyone reeling, it is important to look internally and assess what your current capabilities actually are. The first step is to run an internal audit. In some organisations the responsibility for GDPR will sit with the legal team; in most, however, it will be in the hands of the information security function or a designated data protection officer. Either way, these departments will need to have knowledge of the new regulation and the growing power to take on the workload.
Get the right people in
Once you have a good understanding of any gaps in your resources it is then advisable to seek help from specialist suppliers who are engaging with the challenge of GDPR. Resourcing suppliers with specialisms in IT and cyber security should have the capabilities to source either an individual or an entire team who have the ability to handle GDPR from the outset, without further training or investment.
We have already been approached for a number of permanent and contract roles across a huge range of commercial sectors including financial services, consultancies and SMEs. These positions have been anything from entirely GDPR-specific hires to blended positions which will encompass the demands of GDPR alongside other responsibilities. Seeking an experienced supplier who is already actively sourcing candidates for roles like this is essential when finding the appropriate blend of experience and business acumen to do the job.
Have you sought business buy-in?
A key challenge for anyone working in this area is advocating a change in behaviours. In order for organisations to successfully adhere to GDPR, everyone within the company needs to be fully on board with what impact this will have on the business and on their daily routine.
To prevent any resistance to the work that needs to be done, education and awareness, as well as collaboration between business units, are essential to the program. In some organisations this has resulted in ‘GDPR Champions’: individuals who sit within different areas of the business to pioneer the strategy and serve as a point of contact for that function. However you choose to do it, looking at ways you can raise business understanding of what they are doing and why is an essential step to making the process between now and May 2018 a much smoother road.
For help and advice on your GDPR staffing contact Worthington on 0117 914 5273.