GDPR: Compliance & IT Security

In May 2018, all businesses operating in the EU that process personal data must, by law, be compliant with the GDPR.

Therefore, there is a lot of pressure on organisations to get their houses in order before the deadline, but this, in turn, is creating considerable debate and confusion.

Does GDPR make us IT Secure?

One school of thought holds that if an organisation becomes GDPR compliant, it will automatically be IT secure. Another holds that having IT security systems in place will ensure GDPR compliance. Unfortunately, the two are independent of each other. However, information security is key to delivering compliance, and having the best IT system in place to deliver it is crucial to your success.

This brings us back to last week’s IT Security Blog, which referred to the importance of IT Security within the organisational culture. Again, we must consider the attitudes and rights around privacy, behaviour and security within, and pertaining to, our organisational culture. Our culture has the potential to have a positive impact on our compliance with and adoption of the GDPR.

So where do IT Security and technology in general sit with all of this?

One of the key demands of the GDPR is that organisations must not only comply with the regulations but also be able to demonstrate this compliance, which is largely where technology will come into play. Technology has the power to speed up or enable GDPR compliance: an organisation that adopts high-level IT Security processes and procedures lays a smooth path towards demonstrating GDPR compliance. It will be critical that organisations have systems in place which will allow them to demonstrate, among other things:

  • Assessment of current data privacy practices
  • Personal data inventory
  • Consent mechanisms
  • Data Protection Impact Assessments
  • Reporting personal data breaches

Given that data is the new oil, the GDPR also creates further urgency for all organisations to get on top of their data protection and their IT Security as a further weapon in the fight against cyber-crime.

Because of our journey towards gaining our ISO Certification here at Intuity, we have already put in place many of the processes and changes required ahead of GDPR. We would welcome the opportunity to share this learning with you and perhaps help advise you on best practice for your IT security to this end.

Call 0818 987 900 today and our team will be happy to help.