GDPR – One Year On
May 25th, 2019 marks the one-year anniversary of the EU’s most substantial piece of data privacy legislation, the GDPR.
Have we all become more conscious of our data protection practices by implementing privacy by design? Or have we ticked a box by presenting a privacy and cookies policy on our website in the hope that complying with the basics of GDPR requirements is enough?
While most companies have complied with the basics, the more challenging requirement of implementing “privacy by design” and “privacy by default” into business processes will likely take longer than a year. GDPR compliance is not a one-time project but one that should be ongoing. It means adopting technical and organisational measures that ensure the security of the personal data companies hold.
Exposure to IT security threats
Each year, technology becomes more integral to our businesses, providing numerous benefits such as improved efficiency and streamlined processes. However, with technology progressing at an accelerated pace, we find ourselves exposed to IT security threats.
A recent survey conducted by Microsoft of businesses in Ireland found that poor and inconsistent security policies, processes and procedures create bad habits among employees. This can compromise critical data.
Law firm DLA Piper, which published a data breach survey earlier this year, found that the GDPR's mandatory requirement to report a data breach has resulted in 59,000 personal data breach notifications to regulators, 3,800 of which relate to Ireland.
Overall, these incidents range from minor breaches, such as emails being sent to the wrong recipient, to major cyber hacks making front-page headlines.
GDPR is an opportunity to upgrade
Although data protection & compliance can be a headache for businesses, the GDPR provides business owners with an opportunity to upgrade processes, software and hardware to improve efficiency and protect their company against IT vulnerabilities.
The Intuity Professional Services team have designed a series of services that provide the insight and guidance needed to ensure ongoing observance of obligations. Privacy by design is at the core of all actions. Our GDPR service includes:
Data mapping & gap analysis
The Intuity Technologies team attend on site to discuss in detail your business functions and the various data processing activities undertaken in order to help develop a roadmap to compliance for your business.
Policy and procedure review & update
Intuity Technologies undertake a review of current policies and procedures, providing feedback and advice on changes necessary for GDPR purposes.
Contract review & vendor management
Our team will identify vendors and processors, review agreements in place and assess the risk they may pose to your business.
GDPR awareness training
Having identified key changes to satisfy privacy by design and default, we will develop business-specific awareness training for your staff, including a Q&A session to address your staff’s concerns around GDPR compliance.