GDPR

GDPR comes into effect from 25th May 2018

Is your business ready?

The GDPR Regulation comes into effect on 25th May 2018 across Europe and has been accepted by the UK.

Anyone dealing with personally identifiable data must be able to demonstrate that they are accountable and comply with all GDPR Regulations.

What are the basic principles of the GDPR regulation?

  • Fair and lawful processing of data.
  • Data is processed only for the limited purposes it was given.
  • To ensure data is adequate, relevant, not excessive.
  • To make sure data is accurate and up to date.
  • To ensure data is not kept for longer than needed.
  • To process data in line with a data subject’s rights.
  • To ensure data is secure.
  • Data is not to be transferred to 3rd world countries or internationally without prior consent.

Did you know?

Magnet Protect, built on the world’s leading security platform Palo Alto Networks, is the ultimate protection for your business, guiding it on the right path towards GDPR compliance.

Free Download

Magnet Networks are offering an exclusive PDF guide which will help your business get GDPR ready. Fill in the form below to get your free download.

Please be advised that a Magnet Protect Specialist will contact you within 1 business day of downloading the Ready Reckoner.

“How do I know if my business is GDPR compliant?”


Answer the questionnaire below and find out.


Top 10 Tips to help get your business GDPR ready

We prepared an exclusive list of the top 10 things you can start to do NOW to get your business on the path to GDPR compliance.

1. Start Preparing NOW

The sooner you begin to prepare for the GDPR, the more cost-effective it will be for your organisation. Implement a structure and appoint a dedicated Data Protection Officer (if your business is classified as a ‘high data processor’) who can manage and process any changes needed to how your business receives and stores data under the new regulations. Hold workshops with your staff to review and enhance your business’s obligations and awareness of the new regulations and how you can minimise risks and protect your business.

2. Audit your data

Make an inventory of all personal data your business processes and examine it under the following headings:

  • Why are you holding it?
  • How did you obtain it?
  • Why was it originally gathered?
  • How long will you retain it?
  • Do you need to retain the data?
  • How secure is it, both in terms of encryption and accessibility?
  • Do you ever share it with third parties and on what basis might you do so?

3. Review your current procedures and amend as needed, as GDPR is a game changer!

On the whole, the rights individuals will enjoy under GDPR are the same as those under the current Acts, but with some significant enhancements. Review how you seek, obtain and record customer consent, and whether you need to make any changes. Update your privacy notifications, speak to non-EU contractors/suppliers who have access to or process personal data for your business, and implement the required changes. Organisations that already apply these principles will find the transition to GDPR less difficult. Rights for individuals under the GDPR include:

  • Subject access
  • To have inaccuracies corrected
  • To have information erased
  • To object to direct marketing
  • To restrict the processing of their information, including automated decision-making
  • Data portability

4. Check your current technical infrastructure

Audit your current IT/technical infrastructure to see if it is up to the task of ensuring optimal governance of client data, and update it if needed. Are your systems currently compliant with the new regulations? What changes or improvements need to be made, and how easily and quickly can they be implemented for your business?

5. Record your preparation for GDPR

Businesses will need to keep records of what processes and solutions they have implemented to be GDPR compliant. All businesses and “data controllers” (e.g. employees who have access to data) are covered by the new “Accountability” concept in the new GDPR regulations. This means your business is required to not just adhere to the principles of GDPR but you must also be able to demonstrate compliance with the regulations.

6. How do the new regulations affect your sales and marketing?

One of the headline rulings in GDPR is “Unambiguous Consent”. This means that it is vitally important that users understand every aspect of what they are potentially consenting to when giving your business their personally identifiable information (P.I.I.). This will greatly affect all aspects of your business’s sales and marketing. Businesses will have to ensure that consent received from users is in line with the new GDPR regulations, such as:

  • Given freely, e.g. contracted services dependent on conditional consent is NOT valid consent
  • For specific reasons, blanket consent is NOT valid consent
  • Informed consent. Users need to be clearly and simply informed exactly what they are consenting to and that they have the right to withdraw their consent at any time under their right to be forgotten
  • Consent has to be Unambiguous. The consent given should leave no room for doubt on what the user is consenting to, whether that be singular use of their information or for multiple purposes
  • Affirmative action is required. Users must clearly affirm their consent verbally, in writing or ticking a box. No longer are pre-ticked boxes, silence, inactivity or other ambiguous means acceptable

7. Divide your GDPR implementation plan into 4 phases:

Phase 1: Preparation
Review and ensure your business’s readiness for GDPR.

Phase 2: Implementation
Following your review phase, implement effective changes in both processes and systems to ensure your business is GDPR compliant.

Phase 3: Maintenance
Ensure and be able to demonstrate that your business continues to follow GDPR regulations going forward.

Phase 4: Review and Repeat

8. Expect the unexpected

Be prepared: whatever can happen, will happen. Ensure your business has a specific disaster recovery plan in place should you suffer a breach. If one occurs, generally your Data Protection Officer will have 72 hours from when they are made aware, depending on the severity of the breach.

9. It’s not too late… start today to get your business GDPR ready

The deadline for GDPR is May 25th. It will take time to educate your staff, review and edit your data, and implement process changes to your business. Give your business and staff ample time to acclimate and become accustomed to the new regulations and their requirements.

10. What products can help your business be GDPR compliant?

With the sea change needed in data recording, business processes being updated and training of staff, to name a few, businesses will need to spend the vast majority of their time concentrating on the human aspect of the onset of GDPR. What products or services out there can help your business get GDPR compliant with little or no hassle?

Contact Us


To find out more or to discuss how Magnet Networks can get your business fit for GDPR, contact us on 1800 789 789 or sales@magnetnetworks.com

Testimonials

“When it came to our telecoms we wanted the most innovative and credible solution for big data transfer”

John Breslin, GM Smart Bay Ireland
