On 25 May, the General Data Protection Regulation (GDPR) will come into force, which does not leave your organisation much time to comply. In fact, 75 per cent of organisations indicate that they will struggle to meet the compliance deadline, according to a 2017 survey by the software company Varonis Systems Inc.
The GDPR will impact how your organisation handles sensitive personal information, which includes employee phone numbers, home addresses and bank account numbers. Most likely, your health and safety system or department stores a great deal of this information. For that reason, it is essential that you take the necessary steps to ensure that you are compliant.
- Understand and document your processes for collecting, handling and storing personal information, and ensure that they meet GDPR requirements.
- Keep detailed documentation of the personal data you hold.
- Conduct a cyber-risk assessment to evaluate the security of the digital systems in which your personal information is stored.
- Have clear documentation of where and how personal information is shared with third-party organisations.
- Review and define your organisation’s justifications for storing personal information.
- Assess the potential risk if your store of personal information were affected by a cyber-breach.
- Adopt GDPR data retention policies and establish a process to ensure that your organisation remains compliant.
For more information on ensuring compliance, contact Bond Lovis Insurance Brokers today.