25 May 2018 is fast approaching, so this is a reminder of what you should be doing, with links to further details. You may also find our GDPR hub and the ICO Guide to the GDPR useful. If you require any further assistance, please contact our Technical Advisory Service.
It’s not too late to get started. Remember that not everything has to be completed by 25 May 2018, but you must have made a start. So our advice is to PREPARE, PROTECT and REVIEW.
Review Cyber Security.
The best way to prevent breaches (and therefore fines and sanctions) is to minimise their occurrence, so a review of your cyber security should be an essential part of your GDPR readiness programme. It does not have to be an expensive revamp; it can just be a refresh tailored to the complexity of your organisation and IT set-up. The ICO has also said that if you do suffer a breach, it will treat the level of cyber security in place, and whether it is appropriate for an organisation of your size and the nature of your business, as a mitigating circumstance. So again, it is important to make sure your cyber security is ‘fit for purpose’.
The following are some tips on what you should be doing with regard to both digital data and paper records:
Physical Security: make sure all hardware is stored securely, homeworkers, BYOD
Technological: encryption, firewalls, portals, passwords, VPN
Paper Records – now included if part of a ‘relevant filing system’
Physical Security: filing cabinets locked, access limited to only relevant personnel, clean desks
Disposal: shredded or other secure means?
Our GDPR hub is here: icaew.com/gdpr