The General Data Protection Regulation (GDPR) is coming into force on the 25th May 2018, so there’s not long left to be prepared.
Your business needs to understand its responsibilities and consider the risks as your customers' data is collected, processed, shared and removed throughout its lifecycle.
Consider where the data is at most risk and whether there's anything you can do to reduce that risk.
Understand where your data comes from, where it is, where it goes to and who has access to it.
As a business, it's critical that your staff are trained and aware of GDPR and how to keep your customer and sensitive business data secure. Any third party you deal with also needs to consider GDPR if they are processing any of your customers' data or your sensitive business data.
If you haven't started your road to GDPR compliance, or don't know where to begin, use the following steps:
- Perform a data audit to understand where your sensitive data is held on your internal systems and by any third parties.
- Map out on paper where your sensitive data is stored and processed.
- Perform a risk assessment on each step in your data map.
- Identify and document your lawful basis for processing the data.
- Review and add security controls to increase protection.
- Train your staff to ensure they understand the importance of GDPR and the processes to follow.
There are many things to consider for GDPR, but these simple steps will really help you handle your customer and business information more securely.
Something else to understand is that you will have to prove you took steps to prevent data breaches, including the steps above, so make sure you have documentation and hope you never need it.