Article provided by The Data Support Agency
It’s less than a month until enforcement of the General Data Protection Regulation (GDPR).
Many SMEs within the UK and across the EU are still struggling to know what to do. Small businesses don’t have the time to properly research what the GDPR constitutes, understand what changes need to be implemented or allocate resource to this new legislation.
We know that SMEs are having a tough time because it happened to us. We grew tired of being told we needed to take action before May 25th without having explicit information to actually know what action to take. Just search ‘GDPR’ on Google and it’ll list around 13.5 million articles. Few of them will tell you exactly how to become compliant or how much it will cost.
The Data Support Agency was created by an SME for SMEs who need a solution to become GDPR compliant – and importantly – stay GDPR compliant when you have limited time, expertise and resource. We’ve created and launched a portal that gives SMEs a starting place wherever they are on their journey to compliance. It highlights what is relevant to your business and breaks the legislation down into bite size pieces so that it’s not overwhelming. And to complement the tools and templates you need, we have assembled a team of certified GDPR experts who you can access through a UK-based call desk.
If you are still unsure of what changes your organisation should be implementing to adhere to this new legislation or are still in the very early stages of your compliance journey, don’t worry. It’s not too late. We’ve developed a five-step process to help you get up to speed with GDPR.
Step 1: Understand GDPR
GDPR isn’t the responsibility of one single person. All employees, including key decision makers, need to be aware of the new legislation to support your organisational transformation.
Essentially, there are four key aspects of the legislation that you need to clearly understand:
- Individuals will have more rights on how their personal data is used;
- Businesses who handle large amounts of data may need to employ a Data Protection Officer (DPO);
- Data breaches must be immediately reported to the Information Commissioner’s Office (ICO);
- Non-compliance with the GDPR may result in huge penalties.
Step 2: Identify the risks
Gaps in your compliance and the risk appetite of your organisation will determine the necessary GDPR actions you need to take. Our free seven-step readiness assessment which will reveal your organisation’s current state of readiness. If your score is good, then congratulations – you’re off to a good start. But don’t forget that GDPR is a continuous process – how do you plan to stay compliant and prove your compliance after May 25th? Our subscription solution offers continuous monitoring and support to ensure long-term compliance, enabling you to keep up to date with the legislation.
Step 4: Test your compliance
Your online portal will contain twelve sections that correlate to the twelve areas of compliance for GDPR. Once you’re 100% compliant in one of these areas, it will turn green. If a specific area needs some more work, it will show as amber. Non-compliant sections will show red. This traffic light system is designed to make it easy for you to identify what you need to do. It’s as simple as that.
Step 5: Maintain compliance
Once you’ve reached 100% compliance, ensure that you stay the right side of the legislation as your business evolves. Achieving compliance is only the beginning. GDPR’s arrival on May 25th is not the deadline, but the start of the journey. The ICO expects you to remain compliant as the legislation evolves. We help you remain on the right side of the law by supporting you for the next three years. Our monthly subscription service, which starts from as little as £100 per month, gives you continuous access to the portal and our experts.
Simply telling you again and again that you need to change the way that you collect and process data just isn’t helpful. We tell you what you need to change give you the tools, templates and processes to make that happen. The clock is ticking… but you still have time.
