GDPR – Are you ready?
The European General Data Protection Regulation (GDPR) comes into force in May 2018. Getting your organisation to a GDPR compliant standard is not easy, as the change will impact the whole organisation. Even after Brexit, you will still need to comply.
After years of working with our clients on implementing change and managing projects that involve sensitive personal data, we are well aware of the challenges many organisations face in becoming GDPR compliant. The most challenging aspect of GDPR compliance is likely to be the organisational change needed across all levels of the organisation.
The Information Commissioner's Office (ICO) recently published data showing that the majority of data breaches are down to human error, such as emailing or posting data to the wrong person, loss or theft of paperwork, and failure to redact data as needed.
To put it another way, while your IT systems are important, you will not be minimising your risks unless you also focus on your operational systems, processes and training. The EU regulations make it clear: it is now mandatory that you incorporate ‘privacy by design and by default’ into the core of your organisation, and the ICO will review to what extent you have truly embraced this culture change when determining the fine.
Is your organisation ready?
These 10 questions are a sample of the type of activities your organisation needs to undertake.
If you answer Yes to all 10 questions, then you’re well on your way towards being compliant, but remember there is still much more to do.
If you answer No to three or more questions, then you should think about how you’re going to address these outstanding areas in the coming weeks.
If you answer No to five or more questions, then you have a lot of work ahead. You may need to think about getting in some help.
We can help you understand where you need to focus your time and efforts to make the most significant improvements as quickly as possible. We can then develop a road map of the steps you need to take to become fully compliant, and either leave it with you to implement internally or lead on the implementation with you.
As change managers, we know how to introduce policy, establish new governance, manage operational changes and develop behaviour and culture changes across an organisation – these are the skills you will need to successfully become GDPR compliant.
For further information email Sharna Quirke – firstname.lastname@example.org or call 07910 782 679 for a confidential discussion.