With just over 8 months to go, GDPR will come into force; sooner than you may be prepared for.
Unlike many previous compliance and/or regulatory IT mandates, this is one that WILL break your business, should you not adhere to the regulation.
As with many other compliance and/or regulatory IT mandates, this IS an opportunity for you to get your IT house in order. There are some traditional IT systems questions which your business MUST be able to answer – at all times. These are the barriers to GDPR compliance your firm will face. This article reviews the top 3 and offers solutions on how to overcome them:
- KNOWING: Where data is held within your business and how combinations of data can identify an individual.
Do you have legacy systems? Is data scattered across various document/CRM systems in LANs or datacentres around the globe? Or hosted via cloud services?
Regardless of where your actual data rests, if you are the data processor or controller YOU are responsible for knowing where it is and what it is going to be used for.
Additionally, YOU must be able to collate, access and make it available at all times – easier said than done, especially if you are running a global business.
Typically, businesses simply do not have the capacity to set up a new team to investigate and analyse not only their data storage or processing spaces, but also the internal business process – which will include local data capture (even down to local email storage containing vital personal information).
You need to conduct a thorough analysis of all personal EU data across the business and in ALL your business applications.
Outsourced analysis teams can provide valuable insight through in-depth analysis and offer up key solutions that can be implemented by your IT and Business teams.
- KNOWING: What to do when the data is queried or asked to be amended/deleted.
This is traditional business process redesign (BPR). Understand what is required, then design a compliant set of actions in a business process that ALL staff must follow – not just those who store or process data – as a backup in case of employee absence.
Get ALL stakeholders on board – down to small team leader level.
Make the process easy to understand and follow.
Remember, you MUST ensure the 72-hour turnaround deadline is met.
- KNOWING: How to make the data changes; in particular being able to make it available, transfer it to another business or delete it – all on demand.
This refers to IT systems being able to integrate seamlessly to provide a complete personal data profile should the need arise.
YOU need to ensure that all data changes are managed within the regulated timescales.
Don’t forget to consider other factors when it comes to data analysis/migration and the impacts on symbiotic solutions within your network, such as regulatory or financial technology solutions.
These are just the tip of the iceberg when it comes to GDPR compliance and technology solutions.
We’d be delighted to offer you a free consultation on how you can proactively prepare your entity to ensure GDPR compliance, ensuring you stay ahead of the game. Simply call us on 01494 546 089 or complete this short "contact me now" form and we will call you.
Who are we?
We are proud of our team of highly experienced & well connected professionals, who have been successfully delivering business solutions across diverse technologies and in multiple industry sectors.
Our particular expertise is in the financial services and insurance sectors.
Along with this, we are able to call on our extensive network of consultants, partners and associates to augment our delivery capacity. TechFINIUM currently has operations in the UK, South Africa and India.