Preparing your company for GDPR

21st March 2017 (Blog)


The EU’s General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. To avoid reputational damage and potential fines of up to €20 million or 4 percent of global annual turnover, whichever is higher, companies must move quickly to understand the legislation and put appropriate measures in place. Northdoor proposes six steps to get you quickly on the path to compliance.

Start talking

Under GDPR, personal data (any information relating to an identified or identifiable living person) must be protected against unauthorised access and exposure. The key challenge is to work out what personal data you hold and in which systems, both paper-based and electronic. At Northdoor, we call this stage “Find IT”. In later stages, you will want to define and manage the different kinds of data you hold, “Classify IT”, and you will also need to make sure you have the right compliance structures around people, processes and technology: “Comply to IT”.

In a networked world, you must also account for the personal data you share with partners and suppliers, since as the controller you remain responsible for it when it is processed on your behalf. The first stage is simply to start the conversation with the business people who own the data and work out exactly what you have and where it flows.

Maintain consent

Once you have established what personal data you hold and taken the first steps to protect it, for example through encryption, you should move on to the rights that individuals have over their data under GDPR. You will need measures in place for responding to requests to access, rectify, port or erase data, and you will need to understand the legal deadlines: in general a request must be answered without undue delay and within one month of receipt, extendable by up to two further months where requests are complex or numerous.

This is also the point at which to review how you seek, obtain and record consent from individuals to hold their data. Under GDPR, consent must be freely given, specific, informed and unambiguous, it must be as easy to withdraw as it was to give, and you must be able to demonstrate that it was obtained. Where you rely on a basis other than consent, identify and document the legal basis for each processing activity.

Protect data

Under GDPR, notifying the supervisory authority about personal data breaches becomes a general requirement: any breach that is likely to result in a risk to the rights and freedoms of individuals must be reported without undue delay and, where feasible, within 72 hours of your becoming aware of it, and the individuals affected must be informed where the risk to them is high. The 72-hour clock starts only once you are aware of the breach, which makes detection the critical capability, so you need to make sure that you have procedures in place to detect, investigate and report personal data breaches. The average UK organisation suffers 3.9 breaches per year, and only 45 percent of those incidents are actually recognised.

In the past, a “privacy by design” approach to personal data was always considered best practice. Under GDPR it becomes an explicit legal requirement, framed as data protection by design and by default, so you will need to verify that it is embodied in your standard practices: collecting only the personal data you need for a stated purpose, limiting who can access it by default, and building protection into new systems and processes from the outset rather than adding it afterwards.

Get the experts on your side

To find out how Northdoor can help you achieve GDPR compliance faster and more effectively, download our whitepaper or contact us for an informal assessment. In addition to experience and practical advice, Northdoor offers software tools that enable you to iteratively discover, analyse, classify and encrypt data. We will review your existing approaches to data protection and security, and provide a clear checklist of recommended next actions, helping you get started quickly.

Download our “6 steps to GDPR compliance” whitepaper


Related Northdoor solutions

Automated Data Discovery, Classification & Remediation Platform: Northdoor data discovery solutions empower enterprises to find, manage and protect sensitive information throughout the organisation, minimising risk.

Third Party Cyber Risk: the Northdoor Third Party Risk & Compliance service integrates cyber risk management into your enterprise risk management strategy.

Data Masking: mask personally identifiable data quickly, efficiently and in an easy-to-scale way across multiple systems.

Data Protection Advisory Service (DPO): the Northdoor Data Protection Advisory Service helps organisations access experts to manage compliance with data protection regulations.

Subject Access Requests Solution: Northdoor provides a complete Subject Access Requests Solution to increase both the accuracy and the speed of responding to incoming SARs.

Breach Reporting Solution: GDPR requires organisations to notify the relevant supervisory authority (in the UK, the ICO) of any personal data breach likely to result in a risk to individuals “without undue delay” and, where feasible, within 72 hours of becoming aware of it.