Fiona Ryan – Customer Implementation Manager
2018 was a groundbreaking year for data protection with the introduction of the General Data Protection Regulation (GDPR). In the lead up to the 25th May, organisations struggled to digest the requirements of the regulations and alter their compliance efforts accordingly to allow for GDPR within their business. The lack of availability of resources was a major factor for most businesses in getting GDPR ready before the 25th. In the aftermath, a feeling set in that it was all just hot air! In actual fact, approximately 95,000 data breach complaints have been made across Europe since the GDPR took effect. It takes several months for a data protection investigation to escalate, so we should start seeing fines reported in the media in the coming months. Now is not the time to get complacent with your compliance!
Fiona Ryan, Head of Customer Engagement at Spearline Risk & Compliance has defined five points you need to consider in your privacy programme to ensure that your organisation achieves compliance.
1. Best practice
Culture is king when it comes to best practice. Having best practice in data protection appear as an objective in your business plan is key if you are committed to taking compliance seriously. Compliance protocol needs to be implemented at senior level so that the entire team will buy into it.
2. Communications
Data breaches are most often the result of human error. A communications plan needs to be woven into the calendar so that team members have clarity around their responsibilities, from the time of their induction to each time their role or the legislation may change. Messages need to be reinforced on a regular basis so that data protection is front of mind as day-to-day business unfolds.
3. Training
Data Protection is serious business and the GDPR is a complex piece of legislation which affects each sector in different ways. Your team needs to be provided with adequate training to be effective in their role. Data breaches and incidents are most often not malicious; they stem from a lack of understanding of how to handle data in a safe manner, or from procedures not being adhered to due to complacency creeping into the workplace.
4. Budgets
Organisations were caught out in 2018 as they had not forecast a budget for meeting their data protection obligations under the GDPR. Staffing, training, hardware and software to manage your compliance all need to be considered in budgets from here on out. An organisation which can display the efforts it has made to be compliant will get a far better reception from its supervisory authority should it fall under investigation.
5. Contracts
Data protection needs to be written into contracts whether it be hiring or outsourcing staff, making partnerships or negotiating with vendors. Your organisation needs to make sure there are no weak links and that anyone you affiliate with will take your compliance seriously. Contracts are the perfect place to establish clarity in your expectations and responsibilities.
At Spearline Risk & Compliance we develop solutions for the centralised management of data privacy and GDPR requirements. We are passionate about creating software solutions that are customer centric, prioritising ease of use. Our software solution Spearline Data Protection is a simple to use, comprehensive, one platform product for organisations to manage their GDPR and Privacy compliance programmes. Our managed service solution Spearline Managed Service is a Data Protection Specialist outsourcing service which provides highly skilled professionals to implement Data Protection Compliance programmes in part, or in entirety for global brands from start to finish.
To find out more, or to request a Spearline Data Protection and/or Managed Services demo:
- Email contactus@spearline.com
- Call 1800 851266 / 00353 28 58563
Photography By: Emma Jervis