GDPR Consulatncy

General Data Protection Regulation

General Data Protection Regulation (GDPR)

GDPR legislation is a series of measures designed to protect the privacy of individuals in a fast moving, data-rich, digital world. In the UK, GDPR replaces and updates the Data Protection Act (DPA) of 1998 – if you think about it, a lot has changed in the last 20 years. There has been an explosion in the use of the internet; individuals have freely given information when signing up for services online with little thought for the consequences. Everything we do is adding to our digital footprint; price comparison sites, supermarket loyalty cards, Social Media organisations even ordering a takeaway means filling in a form – every interaction and transaction is recorded somewhere and is potentially shared.

GDPR is designed to address this ‘new data normal’. It puts the onus squarely on the shoulders of organisations to treat personal information respectfully and responsibly. The Information Commissioners Office (ICO) is the UK body responsible for enforcing the law – it can carry out an audit on any organisation at any time. Under GDPR, non-compliance can come with heavy fines (up to £17 million or 4% of turnover allowed under the new law) but the focus is more about getting it right and helping protect personal data. Apart from fines, the GDPR gives the ICO a range of sanctions to help organisations comply – warnings, reprimands, corrective orders. While these will not hit organisations directly in the pocket – their reputations will suffer a significant blow.

Qubic’s Approach

Qubic has always helped its customers keep their information safe through a series of cybersecurity and business continuity measures. We have been investing in technology and people over the last year to be able to help our customers comply with GDPR. We offer a range of service levels from an initial audit to a full, on-going GDPR compliance programme.

 

GDPR Audits

Qubic can provide a range of Audits to help you develop GDPR compliant processes.

Level 1 – GDPR Self-Audit

Our entry-level service is to help you identify risks

  • We provide you with our audit pack with step-by-step instructions
  • Completing the pack will identify how the data you process flows through your organisation and systems
  • The audit will help you highlight potential areas of risk

Level 2 – GDPR Practitioner Guided-Audit

Our standard service identifies risks and makes recommendations

  • One of our practitioners will work with you to determine your current compliance status
  • We will identify how the data you process flows through your organisation and systems
  • We will identify any risks
  • We will draw up a series of recommendations to follow that will enable you to comply with GDPR

Level 3 – Enhanced GDPR Audit Tool

Our Enhanced GDPR Audit tool is software driven and pulls together information about your policies and the state of your network and any vulnerabilities. We input information about your policies, procedures and processes against a series of compliance categories. We then deploy our GDPR information audit software tool across your entire IT estate to analyse network health, performance and security.

The output from this Audit is a full set of reports that show areas of compliance and highlights issues and areas of non-compliance with recommendations.

Once you have made the appropriate remedies, the reports can be re-run to provide evidence of compliance.

  • It saves staff resource and time
  • Undertakes a systematic scan for personal data
    Provides evidence of compliance with automated reports (accountability principle)
  • Scans your entire IT infrastructure for internal and external vulnerabilities
  • Determines what actions you need to take with a risk weighted treatment plan.

Adding Value through People

We have team of highly skilled individuals
Most of our engineers have been with us for over 10 years
We invest heavily in professional training
Advice to get the right solution first time

Adding Value through Technology

Delivering innovative technological solutions
Enhancing products like Microsoft Office 365
Powerful UK core infrastructure
Redundant multi-vendor interconnect giving high levels of resilience

Adding Value through Process

Proactive monitoring and management
We can deliver round the clock 24/7 support
We are accredited to the highest standards
including ISO 27001:2013 and ISO 9001
We employ PRINCE2 project management