Posted on: 17 Jul 17
“At its heart, the GDPR is about protecting a person’s personal data and privacy,” explains Chris Joberns, managing director. “As such there are two main areas to consider: firstly, where and how you store the data – is it safe? Do only the right people have access to the data? For example, if it's stored online, does that service offer GDPR-compliant standards?
“The second part is how you process the data within your business. Where did you get the data? Do you have the individual's consent to use it? Do you share the information and do you have the right to do so?”
To help your business with the process of becoming GDPR compliant, Microsoft has stated it is “committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018, and provide GDPR related assurances in our contractual commitments.”
This includes a guarantee that you can respond to requests to correct, amend or delete personal data, detect and report personal data breaches and demonstrate your compliance with the GDPR.
GDPR is applicable to organisations of all sizes and, although May 2018 seems a long way off, if your business hosts data regarding individuals you should start to consider the requirements now.
“The amount of work required will vary by the size and type of business,” says Chris. “For example, if your business is already ISO 27001 then you’ll already be compliant. But this would be expensive, time-consuming and overkill for many businesses.
“A key aim is to ensure all customer data is safe and protected and you can show you have actually thought about it. I suggest all devices that go offsite are encrypted so if any laptops are stolen or lost then you know the company data is safe. Secure backup is also important to prove that you can recover quickly.”
Microsoft has released a useful white paper regarding moving to GDPR compliance which you can download here.
If you’d like to discuss the benefits of data encryption and Microsoft cloud services, don’t hesitate to call.