2414 BLOG

EU GDPR

GDPR Misconceptions

GDPR, the EU General Data Protection Regulation, is really picking up pace at the moment, and not for all the right reasons. Mainly this is due to there being so much confusion in the industry. GDPR fines and GDPR compliance are on most business agendas. We get asked questions such as 'Does it apply to us? We are only business to business, so do we need to be GDPR ready? We are outside the EU, does it apply to us?'. In short, and in most scenarios, it absolutely does apply to your organisation: the business contact details of your customers' and suppliers' staff are still personal data, and an organisation outside the EU is caught as soon as it offers goods or services to, or monitors the behaviour of, people in the EU. The trouble we are faced with is scaremongering. Far too many technology companies are scaring and pressurising their clients into buying tools sold on the basis that they will be a GDPR silver bullet. Well, if only there was one! If that existed then the ICO (Information Commissioner's Office) would be recommending it to every company across the European Union, right? Wrong. There is no one size fits all and there is no simple solution. GDPR takes time, resources and manpower.

The key to a successful implementation of the GDPR is firstly to complete a gap analysis and risk assessment. Only then can you truly start to understand where your data is, who has access to it, what type of data you hold, who your third party suppliers are and, more importantly, what you are going to do with it and how you are going to protect it. The answers vary widely from department to department, and the work needs to be delivered in phases and comprehensively. Without this, there is a lot you could miss.

The second biggest misconception is that so many people believe that it is an IT project and hand it to an IT Manager or Director as part of their responsibility. This is difficult in quite a few ways: it is a conflict of interest with their current responsibilities, and there are so many other departments that need to be involved. We would recommend active involvement of IT and security personnel; however, it is NOT solely an IT project. Marketing, Human Resources and any customer facing staff all play a key part in ensuring that you don't just hit the 25 May 2018 GDPR deadline, but that compliance is an ongoing process.

If the GDPR is such an important undertaking, and one that could incur fines of up to 4% of global annual turnover (or 20 million euros, whichever is higher), in addition to customer compensation payouts, then why aren't businesses taking it more seriously, and why are they just handing over projects to inappropriately trained consultants or junior staff? Ensure you instruct a company whose practitioners are highly experienced, qualified, certified, knowledgeable and professional. This is a regulation that you can't afford to brush under the carpet. Our practitioners have been carefully selected due to their vast backgrounds in areas such as the original Data Protection Act, ISO 27001, ISO 9001, Cyber Essentials, commercial law, COBIT, GCHQ Certified Cyber Security, Agile project management and other associated frameworks.

We will be running a number of upcoming webinars in the areas of working parties, Executive Management buy in, Data Protection Impact Assessments, Data Governance and associated frameworks such as COBIT, Agile, Praxis and GCHQ Cyber Security - GCCSP Qualifications.

More blogs coming soon...

GDPR is not an IT project!

We have currently trained over 500 companies in the General Data Protection Regulation, which applies from 25 May 2018. It involves many key stakeholders, from Marketing to HR, IT, Finance, Sales and customer facing staff. IT and IT Security are heavily involved, but they account for only a part of the work. Companies do not realise that it is the business as a whole that needs to update and adopt new documents, policies, processes, procedures and structures. For the finance and insurance industries, which are familiar with other regulations and regulatory bodies, this is just another one to comply with; for other industries such as retail, manufacturing and media, it is completely outside their comfort zone.

There are many things that you do need to consider from an IT Security angle, including data governance, data security, access to data, privilege requests, endpoint protection and incident response. The regulation itself asks for 'appropriate technical and organisational measures' proportionate to the risk (Article 32), and for personal data breaches to be reported to the supervisory authority within 72 hours where feasible (Article 33); a product can support those measures but cannot be them on its own. Yet we are seeing a large proportion of IT resellers pushing their own products with the message 'If you purchase our product it will make you GDPR compliant', and that is absolutely not the case.

GDPR should be led with a consultative approach, working through the questions in order: What is it? How does it affect your organisation? How will it affect the employees and customers of the organisation? What do we need to do? How will we do it? What process will we follow? And finally, how do we make sure it is effective? Keeping up with the regulation after the deadline is of the utmost importance.
