This has a fundamental aim of guaranteeing the rights of all EU citizens to privacy of their data and also the right for their personal data to be removed. Given the recent coverage of and concerns about GDPR, Daniel Clements, the founder and managing director, felt it was important to write about the topic.
Shesh Tech, based in Birmingham, UK, are an IT support company providing consultancy and strategy services, primarily to SME businesses around the West Midlands area. We recently met up with Daniel to discuss essential steps to compliance and his general views about GDPR.
“The first step of complying with GDPR has to be understanding the requirements, after all, it’s impossible to comply with something you don’t have any understanding of!” explained Daniel. In discussion, Daniel pointed us to resources like the EU GDPR Information Portal, the Information Commissioner’s Office Guide to GDPR and the GDPR final text, which are all helpful in developing an understanding of what’s required to comply.
Many organisations are wondering why go to all the effort of compliance, with comments such as “This is the latest fad and will pass soon enough”. Replying to this Daniel commented “The next step is the education of all staff, mentoring them and teaching them about data protection and privacy and why it’s important. GDPR demands an organisational mindset change, make it a part of the culture of the organisation, at all levels from junior staff to board level. It requires organisations to value and take seriously the rights of everyone to data privacy. With this in mind, training will need to be put in place and systems revised. This is well worthwhile undertaking as compliance will be subject to regulatory audits and non-compliant companies could be fined up to 4% of their annual revenue. Nobody wants to be fined but more important than this is the opportunity to be more professional and obtain consent for data storage and have systems and processes in place to protect people’s sensitive data”.
We asked Daniel, “What are some of the main ways in which organisations will need to change following GDPR?” Daniel replied, “There will have to be changes to policies and procedures, systems changes, website changes, data cleansing updates (why hold data you don’t need?), requests for consent when marketing, security testing (including anti-virus and penetration testing, etc.)”
Daniel mentioned that having the ability to manage Data Subject Access Requests (DSARs) will be important moving forward. These arise where a request is made to understand data held about an individual within an organisation’s systems. Daniel said “Handling data subject access requests is an important part of GDPR compliance. Organisations will need to change their processes, procedures, systems, staff training, etc. to be able to manage DSARs.”
These data subject access requests will be diverse in nature but essentially involve questions like:
i) Do you have any of my personal data? – to answer this, there will be an organisational definition of what constitutes personal data; this should be adopted directly from the GDPR
ii) Please supply the data you hold about me in an easily viewable format – that is, in a format convenient to the requestor
iii) What arrangements do you have in place to ensure my data is safe? – state any/all security arrangements you have in place
iv) Please delete all data you hold about me – this requires awareness of where the data is, and staff trained and able to access and remove the data
In closing, Daniel reminded us that in the same way that a “dog is forever and not just for Christmas”, GDPR is forever too. Daniel said “Some organisations are thinking that a one-off purge and exercise to remove data and update systems/processes is enough and then we can leave GDPR on the backbench. This attitude simply isn’t correct; to work, GDPR compliance has to be seen as an ongoing regular activity similar to managing a company car fleet or managing the payroll. It’s an important activity for any organisation to manage on an ongoing basis.”
How can Shesh Tech help?
As IT specialists, Shesh Tech can help in areas such as GDPR consultancy and strategy, data backup & security testing and change, remote management, secure email hosting, website changes (e.g. consent forms), secure cloud services, antivirus hosting and more. Shesh Tech can be contacted by using the details below.
105 Bristol Road
0121 573 0081
Image credits: Smeders Internet
- Contact Name:
- Daniel Clements
- Managing Director
- Shesh Tech
- Contact Phone:
- 0121 573 0081