Be Cyber Secure by Reuvid Jonathan;

Author:Reuvid, Jonathan;
Language: eng
Format: epub
Publisher: Legend Business Books

10 TOP TIPS

These are not the ICO’s 12 steps or particularly all-encompassing, but rather tips based on what we have learned on the journey so far:

1. Don’t treat the GDPR as just another standard – it’s much more than that and will likely take longer to address.

2. GDPR should be on the corporate risk register and owned by the board. Involve IT but don’t assign the task to them. Appoint a board sponsor, if not the CEO.

3. Appoint a DPO as soon as possible. Your DPO should report into the board independently.

4. Avoid scope creep – the GDPR is a big enough task. For now, just do what is necessary to comply with the GDPR (e.g. PIA/DPIAs, data registry, article 30 reports, breach notification reports etc). You can always do more later on.

5. Before you start, consider what you really want to achieve: ability to demonstrate compliance against the GDPR, ability to report (article 30 reports), Subject Access Requests handling, consent management, breach notifications, data register, etc. Then consider the best way to get the data you need to deliver these.

6. Consider how you will store and access the data you collect. Avoid Excel unless you are relatively small. But if you must use it, work out how you will bring all those spreadsheets together into a single data register. Who can see it? What can they see (e.g. only data belonging to a particular department, business unit, division, country, company or group )?

7. Use GDPR consultants/lawyers to apply GDPR to your industry and to work through some of the very difficult business questions the GDPR raises (such as agility v compliance or M&A implications).

8. Minimise reliance on ‘consent’ if possible as it can be withdrawn; preferably find another lawful basis for processing. Review consents and T&Cs accordingly.

9. Once you think you are compliant, consider how you will remain compliant. How will you verify the information collected next year and the year after (spreadsheets are looking out of place again).

10. If you haven’t yet started, start now. If you are behind, just keep going. May 25th isn’t the end date, it’s the start date. The GDPR is here to stay, so avoidance is not an option. Better to get ahead of the curve and view it as competitive advantage.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.