The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for organisations on the collection and processing of personal information of individuals within the European Union (EU). In the UK, GDPR is regulated by the Information Commissioner’s Office (ICO).
Businesses need to assess their obligations and update their policies, processes and systems to comply with the Regulation. Key requirements of GDPR include transparency, rights of data subjects (prospects, customers, citizens and members) and security.
The GDPR requires many organisations to appoint a Data Protection Officer (DPO). The correct implementation of the DPO’s function is vital to a business being able to meet the expectations of the GDPR, so you need to understand the scope and profile of the role. We’ve covered this in depth in our article ‘Do you really need to recruit a Data Protection Officer (DPO)?’
GDPR has reset the bar for managing personal data to ensure that businesses become totally accountable for the way they process and protect the personal data of their data subjects.
The penalties that the ICO can impose for poor practice can be severe – fines for non-compliance could be as high as 20 million euros or 4 percent of annual global turnover, whichever is higher. But this will be negligible compared to the potential financial loss of acquiring a bad reputation among customers.
Whilst many companies and consultancies are focusing on compliance, business challenges often come with a silver lining. At Ascentor, we always seek to identify the extra benefits. Reviewing your approach to GDPR gives you the opportunity to review and optimise existing data processing practices, including security controls, retention strategies and third-party agreements.
Ascentor can steer you through what is needed to meet your GDPR obligations. We start with our tried and tested Gap Analysis, a four-step process that will arm you with the knowledge to make business decisions regarding improvements and related resources.
On completion of an Ascentor Gap Analysis, you will understand where you are today, what needs to be done and an outline plan of how to achieve it. We can then support identified remediation activities and provide ongoing support to maintain your status and continually improve your cyber security posture in accordance with your business objectives.