
VSEC Blog: IT Security Channel News brought to you by Infinigate UK


GDPR Challenge Number 1: Where to Begin?

Topics: Data Protection, GDPR, General Data Protection Regulation

Posted: 07 September 2017


Without much hesitation, I am certain that my experience of the past eighteen months has been similar to others': attending and consuming countless GDPR-focused conferences, webinars, panel discussions and blog posts in an effort to strengthen my own grasp of the topic and to trade suggestions on real-life application with peers. There is much to gain from such occasions.

Getting the perspective of those who face the challenges posed by integrating the GDPR into a variety of different business verticals can be fascinating...in a data protection sort of way. How can I continue to collect CCTV images? What about international passenger flight manifests? What do I do with the thousands of contact details I have collected, for marketing purposes, pre-GDPR? Will I still be able to purchase contact data?

Answering a Question with a Question

The one question which all in attendance ponder is where to start? How to begin their GDPR journey in the most effective way?

The stock standard answer is a personal data audit: a process of discovering what personal data is currently held, collected, stored and processed, and the workflows which define its lifecycle. This advice is not without merit and is a good starting position; however, it doesn't account for those who have no need to perform such a task or may already have completed it as part of a previous compliance toolkit. This advice, while well-meaning, assumes that all existing privacy policies are equal.

Where is the Starting Mark?

Understanding where to begin is reliant on understanding where you currently stand. Very little in the pages of the GDPR is truly new or innovative. In fact, the administrative penalties have received so much attention compared with other aspects due in part to their unprecedented values. They are an example of the very few items which have not been inherited (either directly or with some power-up) from the Data Protection Directive 1995 or influenced by ISO27001.

Taking this into account, many businesses and organisations may already be further ahead in their GDPR preparations than they previously thought. The Data Protection Act 1998 in the UK, which was a result of the Data Protection Directive 1995, has been in force for almost 20 years. Any organisation worth its name will be compliant, meaning much of the GDPR work is just a tweaking of existing policy. In addition, ISO27001 and its resultant ISMS (Information Security Management System) is an ideal framework for a short hop over to GDPR compliance. Therefore, posing one answer for all when asked the question of where to begin is foolhardy. Instead, consider a simple task of baselining or assessing the current posture against where you need to be in 2018.

The Shortest Distance between Two Points

By assessing your GDPR posture today, you can measure the distance between the now and the tomorrow, giving you focus on those articles and tasks which will require the greatest effort and revealing quick wins in areas where you may already be compliant, or near to it.

Such assessments can be carried out in-house, should you have personnel who are sufficiently briefed on the regulation, or by the countless service providers offering GDPR-related assessments and gap analysis activities.


Posted by: Infinigate UK