Good Enough IT Risk Management

Personal Data Protection - How Hard Can It Be?

Monday, 05 December 2016 / by Lars Neupart

Haven’t we had enough? It feels like there has been an endless stream of GDPR offers lately: courses and certificates, as well as attorneys and consultancies offering an array of services, all presented as absolute necessities if you want to avoid enormous fines once May 2018 arrives.

Of course proper protection of our personal data is vital, and it is important for companies to comply with the law, so perhaps this barrage of offers is justifiable. But then again, just how difficult can it be to comply with the EU’s new General Data Protection Regulation?

Responsible Shortcuts

I’ve always been a fan of putting things into systems or software (or, even better, cloud solutions) and trying to simplify things as much as possible. I sometimes call this principle of simplifying "responsible shortcuts". It is based on my belief that too many companies spend too much time trying to perfect their process before they even start. For most companies it is far more beneficial to simply get a process started and then improve it along the way. These principles work really well for any ISO 27001-based project and, actually, for information security in a wider sense. However, as citizens we want our information to be protected in the best way possible, and the word "shortcut" might make us hesitate. The question is then: can you take responsible shortcuts when it comes to personal data protection?

The answer is yes, with emphasis on the "responsible" part. The principles of responsible shortcuts and of simply getting a process started are always useful, because every time a company starts to improve the protection of the personal data it is responsible for, the safer we, citizens and companies alike, become.

Secure GDPR

This is why my team at Neupart and I are happy to announce our own GDPR offer. Unlike many of our competitors, we are offering software that helps you on your way to becoming compliant with the EU General Data Protection Regulation. The software has been appropriately named Secure GDPR and consists of:

1. Great content and templates, so you never have to start from scratch.
2. Registration of data processing activities.
3. Support for the Data Protection Impact Assessment (DPIA).
4. Effective management of data breach notifications.
5. A dashboard which provides a clear overview of the key areas of your compliance.
6. Awareness quizzes and a film on personal data protection to train your employees.
7. Gap analysis, so you can keep an overview of your status and compliance.

[Figure: dataprotection.png] The Secure GDPR package includes this dashboard with a clear overview.

The new package will be released in the first quarter of 2017. If you currently subscribe to our Secure ISMS, you can already carry out gap analysis with the Policy & Compliance module.

As to answering my first question, how hard can it be? The answer is: quite. Complying with all the new process demands in the regulation can be quite a task, but it will be significantly easier for you to comply with the EU GDPR if:

  • You already comply with the current personal data protection regulations.
  • You currently have an ISMS that is partly or entirely based on ISO 27001.
  • You use software such as Secure GDPR and Secure ISMS to manage your GDPR compliance.

And as an early Christmas present, we have written a guide with 7 steps which you can go through to gain a better understanding of what the EU General Data Protection Regulation actually entails, and how to prepare for it. Get yours here.

Happy holidays!

Lars Neupart

P.S. Of course, we know that the EU GDPR can be a bit of a mouthful. That is why we offer consultation services from our experienced consultants at SecureConsult, who have specialised in this topic. They will make sure that you have both the tools and the know-how to maintain compliance with the GDPR every day.

More resources

Learn about a number of shortcuts that make it easier to follow the new regulation for personal data protection in our webinar, EU Data Protection Regulation - How hard can it be?

Learn more and sign up here


Want to learn more about what the EU GDPR means for your company? Download our guide on how to perform a correct, verifiable and resource efficient implementation of the regulation.

Download the guide here


Let us hear from you if you want to discuss how we can help you comply with the EU GDPR.

Topics: Compliance and task management, ISO Standards, EU General Data Protection Regulation, EU GDPR
