Say “YES” aloud after each of the following statements if they are true of your company’s preparation for GDPR:
1) We have consent for the data we have, where it is held, what it’s for and who it’s shared with.
2) All contracts with third-parties and service providers have been reviewed and are compliant.
3) Data protection policies and privacy notices have been reviewed and updated.
4) Our procedures comply with individual rights, such as how data is processed and erased.
5) Our incident response plan is up to date in light of the GDPR.
If you said “YES” to all five statements...
give yourself a pat on the back, say loudly and proudly “We are prepared for the GDPR deadline”, and close this window; you need not read on...
If you said “YES” to fewer than three statements...
continue reading for...
Top five things to focus on in the run up to GDPR
1) If you have more than 250 people, get yourself a Data Protection Officer. This person will be accountable for GDPR for your organisation and will help drive changes across your business.
2) Make sure you have change support in place – GDPR represents a big change to the way we handle and manage personal data. We need to instil new values and behaviours, through communications, training and on-going embedding activities. Also consider setting up a Data Protection champion network across your business.
3) Stay on the right side of regulators – ensure all your company policies and guidelines are updated to reflect GDPR. You must have this framework in place.
4) Encrypt data both in transit and at rest. Limit access to personal data to those who require it.
5) Review how you handle/manage personal data across your business. Where is personal data stored? How is it sent? What mechanisms are in place to ensure you only retain it for the maximum time allowed? Help your employees help you, by giving them clear guidance on how to manage personal data!
Costs and liabilities arising from the use of information technology can hit your business in many different ways. In a digital and online business world, threats can emerge from almost any angle: from cyber-attacks by criminal or activist hackers, to accidental or deliberate misuse or loss of customer data by one of your own employees.
At QBE we have put together an exceptionally wide range of specialist cyber covers and services to help keep your business safe. Our cover includes:
- Cyber liability
- Online media liability
- Data breach legal costs, forensics and PR
- Credit monitoring and identity theft costs
- Regulatory defence and penalty costs
- Payment Card Industry Data Security Standards Costs
- Data restoration
- Cyber business interruption