General Data Protection Regulation (GDPR)
GDPR legislation is a series of measures designed to protect the privacy of individuals in a fast-moving, data-rich, digital world. In the UK, GDPR replaces and updates the Data Protection Act (DPA) of 1998 – if you think about it, a lot has changed in the last 20 years. There has been an explosion in the use of the internet; individuals have freely given information when signing up for services online with little thought for the consequences. Everything we do is adding to our digital footprint: price comparison sites, supermarket loyalty cards, social media organisations, even ordering a takeaway means filling in a form – every interaction and transaction is recorded somewhere and is potentially shared.
GDPR is designed to address this ‘new data normal’. It puts the onus squarely on the shoulders of organisations to treat personal information respectfully and responsibly. The Information Commissioner's Office (ICO) is the UK body responsible for enforcing the law – it can carry out an audit on any organisation at any time. Under GDPR, non-compliance can come with heavy fines (up to £17 million or 4% of turnover allowed under the new law), but the focus is more on getting it right and helping protect personal data. Apart from fines, the GDPR gives the ICO a range of sanctions to help organisations comply – warnings, reprimands and corrective orders. While these will not hit organisations directly in the pocket, their reputations will suffer a significant blow.
Qubic has always helped its customers keep their information safe through a series of cybersecurity and business continuity measures. We have been investing in technology and people over the last year to be able to help our customers comply with GDPR. We offer a range of service levels from an initial audit to a full, on-going GDPR compliance programme.
Qubic can provide a range of audits to help you develop GDPR-compliant processes.
Level 1 – GDPR Self-Audit
Our entry-level service helps you identify risks:
- We provide you with our audit pack with step-by-step instructions
- Completing the pack will identify how the data you process flows through your organisation and systems
- The audit will help you highlight potential areas of risk
Level 2 – GDPR Practitioner Guided-Audit
Our standard service identifies risks and makes recommendations:
- One of our practitioners will work with you to determine your current compliance status
- We will identify how the data you process flows through your organisation and systems
- We will identify any risks
- We will draw up a series of recommendations to follow that will enable you to comply with GDPR
Level 3 – Enhanced GDPR Audit Tool
Our Enhanced GDPR Audit tool is software-driven and pulls together information about your policies, the state of your network and any vulnerabilities. We input information about your policies, procedures and processes against a series of compliance categories. We then deploy our GDPR information audit software tool across your entire IT estate to analyse network health, performance and security.
The output from this audit is a full set of reports that show areas of compliance and highlight issues and areas of non-compliance, with recommendations.
Once you have made the appropriate remedies, the reports can be re-run to provide evidence of compliance.
- Saves staff resources and time
- Undertakes a systematic scan for personal data
- Provides evidence of compliance with automated reports (accountability principle)
- Scans your entire IT infrastructure for internal and external vulnerabilities
- Determines what actions you need to take with a risk-weighted treatment plan