IT systems organisation Spiceworks recently found through a survey that only 36% of EU-based IT professionals said they were fully aware of the impact of GDPR and the changes it brings. 43% of UK IT professionals said the same.
Only 5% of UK IT professionals believe that their organisations are fully prepared for GDPR, while only 2% of EU IT professionals believe the same.
Contrary to what everyone believes, GDPR is not a matter for IT departments alone. It is more of an opportunity that all departments of an organisation should get involved with. 32% of UK IT professionals list a lack of understanding from management amongst their top GDPR concerns.
GDPR gives citizens greater control over their data and improves their rights. The introduction of ‘privacy by design’ protects individuals’ privacy. To demonstrate compliance to your lead supervisory authority, start off by having a good preparation plan.
Is your organisation ready for the changes GDPR is bringing?
Learn about GDPR and, if you haven’t already, start off by completing a risk assessment for your organisation and begin training employees in data protection.
Who is in charge of your organisation’s GDPR?
As an IT organisation or department, you will need to support others and the resources that come with GDPR.
What data is processed and stored in your organisation?
You must know where and how your data is stored and who it is shared with.
How will you facilitate a flood of information requests?
GDPR gives people more control over their data and how it is used. You must be able to provide information within 40 days in a jargon-free format.
What if you have a data breach?
Every organisation has 72 hours to report a data breach to their lead supervisory authority.
Are you holding yourself accountable?
Make sure to carry out privacy impact assessments on all new projects and events, and update your privacy notices, consents and rights for individuals.
What happens if my organisation works with a third party?
Audit the compliance status of all third parties that fall under GDPR.
What devices have access to your data?
Any device with access to your data, from big desktop PCs to laptops and tablets, must be audited and sanctioned for use of your data.
Which employees have administrative access?
Reduce the risk of data breaches caused by human error by keeping administrative access to your systems to a minimum, and control who has access to the data, from which device and on which network.
Have all employees had appropriate training in data security?
In the first quarter of 2017, most data breaches were the result of human error. To reduce the risks, give all employees basic training in cybersecurity, such as filtering emails from suspect addresses.