Whilst a welcome update to data protection and privacy, there is panic amongst business owners. Failure to comply with GDPR – and ignorance is no defence – means a hefty fine, either 4% of your global income or up to €20,000, whichever is greater.
Clearly, no business wants to throw money away and yet, there are many businesses who believe this is exactly what they need to do to become GDPR compliant: throw money at it.
A lot of the panic has been stoked by companies who have realised there is a buck to be made, offering services and software to other businesses to ensure GDPR compliance.
But there is no need to panic and no need to get the chequebook out just yet. GDPR may not be the millstone around your neck that you think it is. In fact, being GDPR compliant and bringing data protection and privacy to the heart of your business strategy could give your business a significant boost.
You only have to read a few stories in the press of shared information that has damaged reputations, and of how, many years later, online information can come back to haunt an individual or business.
By taking data privacy seriously, above and beyond being compliant, your customers will have a higher level of trust in you.
Right to be forgotten
Known in principle as the ‘right to erasure’, people and businesses can ask you to erase information about them, including any copies that you hold. And by showing you are compliant, you could enjoy more business.
Businesses and public-sector agencies will need to know what information and data they store on people and where it is held. Can you say with confidence that you know all of this now?
Frankly, there is never enough back-up or data cleaning done by a business, simply because it is time consuming and never really assigned to any one job description. With this deadline on the horizon, data storage will need to be streamlined, and this can bring welcome cost reductions.
Does it sound familiar?
For some businesses, the above may sound familiar. ISO 27001, the international standard that describes best practice for an information security management system, already meets many of the changes and compliance measures of GDPR.
In fact, across the hefty 260-page GDPR policy document, ISO 27001 is mentioned countless times. Of all the schemes and accreditations, ISO 27001 is the one that dovetails perfectly with this new set of regulations.
If you have ISO 27001, there may be some small changes required to comply with GDPR. For those businesses worried they won’t meet the regulation, ISO 27001 is the only genuine vehicle that will get you anywhere close to being GDPR ready.
How can we help you?
Click here to download our new eBook, which will give you an overview of the ISO standards and the FAQs that will help you understand ISO better.
If you’re in need of assistance with any aspect of certification, here at Synergos we’d be delighted to help. Whether you have questions about the path to certification or are looking for advice and support to maintain an existing standard, call 01484 817 444 or email firstname.lastname@example.org and we’ll be happy to talk it over with you.