
VSEC Blog: IT Security Channel News brought to you by Infinigate UK


GDPR Challenge Number 1: Where to Begin?

Posted: 07 September 2017


Without much hesitation, I am certain that my experience of the past eighteen months has been similar to that of others: attending and consuming countless GDPR-focussed conferences, webinars, panel discussions and blog posts in an effort to strengthen my own grasp of the topic and to trade suggestions on real-life application with peers. There is much to gain from such occasions.

Getting the perspective of those who face the challenges posed by integrating the GDPR into a variety of different business verticals can be fascinating...in a data protection sort of way. How can I continue to collect CCTV images? What about international passenger flight manifests? What do I do with the thousands of contact details I have collected, for marketing purposes, pre-GDPR? Will I still be able to purchase contact data?

Answering a Question with a Question

The one question which all in attendance ponder is where to start. How can they begin their GDPR journey in the most effective way?

The stock standard answer is a personal data audit: a process of discovering what personal data is currently held, collected, stored and processed, and the workflows which define its lifecycle. This advice is not without merit and is a good starting position; however, it doesn't account for those who have no need to perform such a task or may already have completed it as part of a previous compliance toolkit. This advice, while well-meaning, assumes that all existing privacy policies are equal.

Where is the Starting Mark?

Understanding where to begin is reliant on understanding where you currently stand. Very little in the pages of the GDPR is truly new or innovative; in fact, one of the reasons the administrative penalties have received so much attention against other aspects is due in part to the unprecedented values. They are one of very few items which have not been inherited (either directly or with some power-up) from the Data Protection Directive 1995 or influenced by ISO27001.

Taking this into account, many businesses and organisations may already be further ahead in their GDPR preparations than they previously thought. The Data Protection Act 1998 in the UK, which was a result of the Data Protection Directive 1995, has been in force for almost 20 years; any organisation worth their name will be compliant, meaning much of the GDPR work is just a tweaking of existing policy. In addition, ISO27001 and its resultant ISMS (Information Security Management System) is an ideal framework for a short hop over to GDPR compliance. Therefore, posing one answer for all when asked the question of where to begin is foolhardy. Instead, consider a simple task of baselining or assessing the current posture against where you need to be in 2018.

The Shortest Distance between Two Points

By assessing your GDPR posture today, you can measure the distance between the now and the tomorrow, giving you focus on those articles and tasks which will require the greatest effort and revealing quick wins in areas where you may already be compliant, or near to.

Such assessments can be carried out in-house should you have personnel who are sufficiently briefed on the regulation, or by the countless service providers offering GDPR-related assessments and gap analysis activities. Infinigate UK, being no exception, has released its own GDPR assessment portal. After answering 23 multi-choice questions regarding your current privacy policy, a custom report is emailed to you free-of-charge, containing a critical advisory analysis of your adherence to the GDPR.

Armed with this report, you can then step past the personal data audit recommendation and begin to plan the actual changes you need to implement for May 2018.


Posted by Chris Payne
Senior Technical Consultant, Infinigate UK