It’s the final countdown to GDPR… or is it?!
Everyone seems to be going GDPR countdown crazy! Unless you have been living under a rock for the past year or so, I am sure you will have seen at least one LinkedIn post about GDPR. It seems to have been talked, seminared and blogged about to death, especially in the past couple of months, but what happens on 25th May here at Selenity?
Well, in all honesty, nothing. It might actually be a bit deflating when the day that has been talked about for so long arrives and nothing tangible actually happens or changes; I might bake a cake to liven it up! So, why will nothing happen on the day? It's simple… although GDPR comes into force on 25th May, work has been happening for over a year to prepare and ensure compliance at Selenity by this date.
So, what have we done to make sure we are compliant?
- We have delved into our cloud solutions and made changes not only to ensure our compliance but to also assist our customers to achieve compliance.
- We have updated customer and supplier terms plus revisited our new supplier process and supplier reviews.
- We’ve created a document with Information Security, GDPR and data protection information to be proactive and to give our customers reassurance that we have robust policies and processes in place to ensure compliance with GDPR, a lot of which come through our ISO27001:2013 certification.
- We have detailed the data flows within the business and cleansed ourselves of data (both personal and otherwise) and it felt good! Who doesn’t love a good spring clean?! All of our personal and sensitive data will now be kept in line with our ‘Now you see me, now you don’t – What we keep and why’ data guide to ensure a standardised approach that is easy to follow.
- We have also reviewed and updated our company policies and processes.
It's all in the training!
All of our colleagues have been to at least one of my GDPR training sessions and completed a quiz to test their knowledge. The next training I will be doing is for those in customer-facing roles, on how to spot and respond to Subject Access Requests. I think everyone is fighting to be on that session! This will ensure that if anyone wants to know what data we hold about them, we can respond promptly and in a measured and standardised way.
Updates and changes have happened and are carrying on in all departments. Each department has taken time to understand GDPR and how it affects them, and has made changes accordingly. This understanding and buy-in is absolutely essential to embed GDPR compliance in everything we do.
No doubt there will be tweaks and improvements along the way, as GDPR compliance is an ongoing ‘journey’, not a ‘destination’, just like our Information Security Management System. Ongoing auditing and raising awareness among colleagues will help with this.
I do wonder though, how many companies are seeing 25th May as a ‘destination’ for GDPR and how many actually have a calendar of activities to ensure compliance for the long term rather than just a ‘tick in a box’ when 25th May arrives.