Organisations are counting down to GDPR… are you?

It's T-6 months until GDPR. Zero tolerance. No excuses. No extensions. Are you ready?

On 25 May 2018 every organisation is expected to be GDPR compliant. An organisation that fails to comply with the new EU directive risks a fine of up to 4% of global turnover or €20,000 (whichever is more).

Everyone is talking about GDPR and awareness is high, but understanding is still low.

Many organisations are failing to put the correct measures in place to guarantee they'll be GDPR ready in May. At Cohesion Digital we are working extra hard to put measures in place now to be GDPR ready. Sharing our own experiences and key learnings with you should provide helpful background and the steps required to move your business forward – on time.

What is GDPR?

Starting at the beginning, GDPR stands for General Data Protection Regulation. It's an EU directive extending the rights surrounding the collection, usage and transfer of personal data in Europe and, most importantly, the fundamental right to privacy. The directive stipulates that personal data must be collected lawfully, used only for the purpose it was collected for, and kept accurate and up to date.

Put simply, it is a radical overhaul of the current rules surrounding every aspect of data handling.

The new legislation has far-reaching implications for all businesses and organisations across Europe, and for global organisations handling European data. To avoid costly penalties, every organisation must also radically overhaul its own approach to data handling in line with the new EU directive.

How do I know if my business is affected by GDPR?

Ask yourself: do I manage data? The answer is undoubtedly yes, because data handling under GDPR includes all online and offline personal data processed manually or automatically.

It includes all data you hold on employees (past and present), applicants, suppliers, customers and anyone on your marketing database.

How do I protect my organisation and my customers?

With the right planning and support put in place early, you can map out a clear GDPR ready path. How do we know? Well, as data handlers ourselves we carried out due diligence on ourselves and spotted a few areas that would have put us at risk after GDPR was implemented. Here's our story.

Cohesion Digital – Road to GDPR Discovery

Our Approach

At Cohesion Digital we have a vested interest in following the EU directive to the letter, not only as employers handling personal data but also as eCommerce web developers processing massive volumes of etailers' data every day.

We are passionate about detail, discovery and turning a problem on its head to find a positive solution. This is exactly the approach we have taken to get to grips with GDPR and here’s what we learned – what to do and what not to do.

As you know, data breaches are often down to human error. At Cohesion we believe knowledge is power. To safeguard our staff, Managing Director Alistair Macneil embarked on an advanced GDPR training programme of seminars and webinars. To deepen knowledge and expertise, Alistair is working closely with GDPR experts at the law firm MacDonald Henderson.

All the staff at Cohesion are committed to an ongoing GDPR training programme. Every step of the way we're gaining valuable GDPR insight and remain on track to comply with EU legislation for Cohesion Digital and our clients.


At Cohesion we acted early and put our own house in order. This included carrying out an internal audit of our own data handling and data policies. This is a worthwhile exercise you can carry out. Areas to consider include:

  • Data moving between departments and clients/suppliers
  • Password security
  • Our roles and responsibilities
  • Portable risk assessment of data transfer
  • Identifying the volume of staff data held (past, present and previous applicants)
  • The variety of staff data held, e.g. CV, HR, finance, medical records etc.
  • How long ex-employee records are stored
  • Timescales for reporting data breaches
  • Whether we need to register with the ICO

We must admit to discovering a few nasty surprises, with data easily accessible on our Amazon gift account – needless to say, this has now been removed.

Next we looked in detail at the external client data we handle. Client customer data was being held for the period our developers worked on new features to upgrade a website. So we undertook a data mapping exercise to measure our own potential risks and those of our clients. Our robust data processes now ensure we never move the data to our own IT systems and always carry out a purge to delete all the personal data we have been working on locally.

Our road to GDPR discovery: what did we learn?

Using the knowledge gained from seminars, webinars, legal experts and our own practical experience of GDPR, Cohesion Digital has mapped out the 6 steps of a GDPR discovery road map.

It's worth a read, as it could help shape your approach.

Get in touch

To carry out your organisation's data mapping exercise or to discuss GDPR requirements, contact us or call Alistair Macneil today on 0141 249 0641.

If you are looking for legal advice to update privacy and data policies, get in touch with the experts at MacDonald Henderson.
