All data large and small.
Unfortunately, the majority of the media attention on GDPR has been on cyber security. High profile cases such as Tesco bank and Talk Talk have highlighted the inadequacy of large organisations in protecting themselves from on-line criminal behaviour. This has left the impression that smaller businesses will somehow be exempt as no-one’s going to bother with them. The current spate of Ransomware attacks on UK business of all sizes (current estimates stand at 1 in 5) should end that misconception. Yet reading the ICO guidelines, they don’t expect that your organisation will never get hacked (no matter how good your IT provider may be). What they do expect is that the organisation is prepared for such an eventuality and has proper procedures in place to minimise the consequences when it does occur.
Once more unto the breach, dear friends.
What most businesses don’t yet realize is that their primary duty in terms of being prepared under GDPR is that they are to keep only the records that they need to be able to fulfil the original stated purpose. For some that means starting from the very beginning of the GDPR process, with questions such as “what information do we have” and “why do we need it”? That alone should make any HR, IT or sales manager’s heart flurry. Organisation have built up, and continue to sit on an enormous amount of information, all kept on different systems, in archive storage and email boxes, so such a data spring clean would seem a nigh on impossible task to consider let alone deciding when to start. The key objective of GDPR is that if there is a breach, the impact will be controlled, as there is a minimum amount of information that is held in the first place. If an organisation has gone through this exercise and maintained those procedures the heavy penalties mandated in GDPR will be minimized. Even without that motivation, it is an opportunity to do a good clear out of the information an organisation holds as it makes everything operate more efficiently. It makes it easier to find pertinent information, maintain records and keep everything up to date.
Next in the series: How to conduct a data purge. See our Services page for GDPR and data solutions we provide.
Our GDPR Seminar will be held on the 9th of November 2017 near St Pauls London. £10 to book includes material, drinks and savouries. For more information Click here.
About the Author:
Malcolm Ford has worked for over 9 years in data migration services upgrading business to enterprise level software. He conducts data audits to work with the project management team in order to customise software solutions and dashboards suitable for the clients needs.