Understanding Your Road to Compliance... 
Since the enforcement of GDPR on the 25th of May 2018, the fear-mongering seems to have died down; however, the complacency and confusion have not. 
 
We have seen many posts recently titled “The Top 10 things you must do” or “6 Top Tips to your compliance”. The interesting thing is that for many these are far too complicated and miss the most fundamental concepts of a successful compliance journey:- 
Your staff are your most important and dangerous asset. 
Compliance is a journey not a tick box exercise. 
GDPR is simply implementing best practices. 
You will gain competitive advantage. 
GDPR certification is smoke and mirrors. 
 
Your staff are your most important and dangerous asset. 
In any organisation staff are the most important asset, however they are also the most dangerous. Why?  
In whatever business sector we may find ourselves our staff will:- 
Speak to our customers. 
Obtain personal information from our customers. 
Manipulate our customers' personal data. 
Assist our customers when they have issues. 
 
In very simple terms, our staff are at the coal face, and the only way we can follow a successful compliance journey is by making sure that they are involved. 
 
GDPR requires that we implement “Appropriate Technical and Organisational Measures” which must include training our staff on their security responsibilities, including the appropriate use of business systems and IT equipment. 
 
We should also train our staff to recognise common threats such as phishing emails and malware infection, and how to recognise and report personal data breaches. 
After all, the most well-designed security measures will not work if staff do not know about or follow business policies and procedures. 
 
Compliance is a journey not a tick box exercise 
For many there seems to be a misconception that you can reach GDPR compliance, tick a box and you are done. 
GDPR compliance is not a tick box exercise, nor should it be, and this is why:- 
We would simply find companies/organisations doing just enough to be able to tick a box and say they were compliant. 
As a consumer or customer we would not really have any confidence that the company we were dealing with was still protecting our data. 
Technology is constantly changing and the threats from Cyber Criminals and insider breaches are more and more ingenious. 
To maintain GDPR compliance it is imperative that our policies, procedures, practices, and technical and organisational measures adapt to ensure optimum integrity at all times. 
 
GDPR is simply implementing best practices. 
We have heard many complaints that GDPR is just another set of rules that we do not need, will cost a lot of money and require unbelievable effort to achieve. 
 
In very simple terms, all GDPR is asking us as organisations to do is:- 
Protect the data we hold. 
Maintain our data. 
Ensure appropriate Access. 
Introduce suitable housekeeping. 
Implement appropriate technical and organisational measures. 
 
In our experience, understanding your business and implementing best practices has allowed companies to gain efficiencies and reduce costs; that sounds like a good thing, doesn’t it? 
 
You will gain competitive advantage. 
It cannot have escaped your notice that there are very few days when we do not hear news reports of data breaches or cyber attacks, and in most cases these seem to have been caused by:- 
Human error. 
Poor security. 
Lack of staff training. 
Insufficient technical and organisational measures. 
 
We wholly believe that customers will start to look for organisations with good track records of protecting customer data, and those organisations will be able to promote that they follow an appropriate compliance programme and value their customers' data. 
Such promotion would allow those organisations to instil confidence in their current and future customers, offering a competitive advantage that would continue for as long as they follow an appropriate compliance journey. 
 
GDPR certification is smoke and mirrors. 
Many companies and individuals have promoted that their course is certified, or that as an individual they have become GDPR certified. There is no easy way to say this: there is no such thing as “GDPR Certification”, and attending a certified course or employing a certified person will have no real benefit. 
 
How do we know? 
All member states have a regulatory body, and the responsibility for certification will lie with that body. In the UK we have the ICO (Information Commissioner's Office), and currently the ICO has not appointed any organisations that can class themselves as certified. 
 
In Conclusion. 
GDPR compliance is a good thing that you should be doing for the following reasons:- 
Keep your current customers. 
Obtain new customers. 
Protect customer data. 
Improve your business. 
 
To find out how JCBcs can help you with your compliance journey 