Thursday 08 November 2018
With the International Association of Privacy Professionals (IAPP) reporting that 84.7% of data breaches are made through unintentional or inadvertent human error, it’s a critical time for organisations to review procedures and make sure they are on track for General Data Protection Regulation (GDPR) compliance. Although the GDPR was a huge talking point this time last year, provisions for dealing with the new regulation didn’t feature in many annual budgets.
November is the month many organisations prepare budgets for the year ahead. As forecasting for the operational aspects of GDPR is new territory for all organisations, Spearline’s Chief Financial Officer David Limrick has outlined the key aspects that need to be considered for your annual budget.
1: Do you need consultation?
Many organisations are well down the road with their compliance planning, strategy and implementation. Others still have their heads firmly in the sand, thinking that GDPR will never reach their door. If you don’t know where to start, you need to get professional help on board to guide you.
Have you got the expertise to cope with your data protection obligations in-house, or do you need to task your existing workforce with additional duties in their remit? It is critical that your privacy team has the time and expertise to execute a comprehensive data protection compliance programme, or your organisation will be left vulnerable to data breaches and, in turn, legal action and fines. Outsourcing your privacy programme in part or in its entirety may be something to consider.
Your entire workforce needs to have a grasp on how GDPR governs their duty of care for data protection. Human error is a leading cause of data breaches; if every member of staff is not informed and engaged in the protection of your organisation’s data compliance, your organisation is open to vulnerabilities.
Resource needs to be put against an internal communications strategy to make sure all staff are aware of the organisation’s GDPR obligations and how each and every member is expected to participate in the compliance programme - this can be as small as regular password update prompts or as big as warning about cybersecurity threats.
If your hardware is relatively new, it is likely to have inbuilt data protection systems, for instance password protection on items such as photocopiers. Older items like fax machines may not have this technology and, if not, would need to be updated. A risk analysis should be undertaken on your existing hardware to ensure that data is protected and, if not, systems need to be put in place to protect it.
Your compliance programme will need to unfold through computer applications. While there are shortcuts to be taken using spreadsheets, this is unreliable at best, with limitations ranging from an inability to report effectively, lack of visualisation around key metrics and duplication of sheets leading to errors, to the inability to set up notifications and alerts to keep people on task, assign due dates or track progress. An organisation that takes compliance seriously needs to invest in software which is purpose built to manage a complex compliance programme, allowing you to have multiple users with various access rights, allowing you to easily pull metrics and reports on your compliance status, and giving you transparency when you need to demonstrate your compliance to your supervisory authority.
7: Practical concerns
Data protection can often boil down to common sense. If your organisation keeps paper files, they need to be secured under lock and key - or in rooms with coded access so that only staff with clearance are able to view the files. Now is the time to organise security around your hard copy data if it hasn’t been done.
At Spearline Risk & Compliance we develop solutions for the centralised management of data privacy and GDPR requirements. We are passionate about creating software solutions that are customer centric, prioritising ease of use. Our software solution Spearline Data Protection is a simple to use, comprehensive, one platform product for organisations to manage their GDPR and Privacy compliance programmes. Our managed service solution Spearline Managed Service is a Data Protection Specialist outsourcing service which provides highly skilled professionals to implement Data Protection Compliance programmes in part, or in entirety for global brands from start to finish.
For more information, or to request a Spearline Data Protection and/or Managed Services demo:
Call 1800 851266 / 00353 28 58563