A Practical Guide To GDPR
11 May
There are many sources of information and beginner’s guides to GDPR available. This is a visual interpretation, condensed to what we feel are the key aspects our customers need to be aware of. It highlights that although some items are IT related, a large proportion of compliance concerns the handling of data and internal processes. We recommend all customers seek legal advice.
From a layman’s perspective, we have identified things to do. They are split into internal things, which you can do yourself, and external things, which you can have done for you to make your systems and networks safer.
Internal Things to do:
Data Risk Analysis
Identify and record your data flows
Appoint a Data Protection Officer
Staff training for Cyber Awareness
Write Data Protection Policies for your website
Subject Access Request Procedure
Know who to contact when a data breach occurs
Central place of record – time and date of breaches
External Things to do:
Security Audit
Penetration Test (Internal and External)
Two-Factor Authentication
Encryption on Devices (Desktop and Portable)
Get Cyber Essentials (Basic or Plus)
GCHQ Board Level Training
GDPR Health Check Assessment