As many of you may now have read, the arrival of GDPR brings a new set of responsibilities for both the data controller and the data processor. Gone are the days when companies could go back and forth blaming third-party processors for their relaxed data policies, and third-party processors could take […]
What is GDPR?
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, replacing the existing data protection regime (in the UK, the Data Protection Act 1998, which is being superseded alongside it). It is an EU regulation rather than a directive, so it applies directly in every member state without separate national legislation, and it places more onus on companies to be accountable and transparent with clients about how their data is used and stored. GDPR applies to any organisation that is established in the EU, and to any organisation outside the EU that processes the personal data of people who are in the EU (residence, not citizenship, is what matters).
As an IT support provider, we are committed to making sure that Lucidica and our clients are taking steps towards GDPR compliance. We understand that investing in compliance, in both time and money, can be difficult for small and medium-sized businesses. Our data protection gurus Yugansh and Emma have been working since December 2017 on demystifying GDPR and making it as actionable as possible.
The Information Commissioner's Office (ICO) is the regulator that will enforce GDPR within the UK. For advice on how to collect, store or delete data, their website is a great resource that offers simple and actionable guidance.
NOTE: There is currently no certificate or award for GDPR compliance, and no single piece of technology or training can make your entire organisation GDPR compliant. Compliance is an ongoing process of policies, people and technology, not a product you can buy.
Where to start?
Download our webinar below for a quick breakdown of GDPR: how to collect and process data through marketing, and how to store and delete it using technology.
The ICO has published 12 steps to get started on compliance. Here they are:
Not all of these steps will apply to your business; it depends on the size of the business, the services it offers and where you operate. For more information, see the ICO's guidance on its website.
What have we done to become GDPR Compliant?
Lucidica helps contract clients achieve compliance by monitoring the devices and infrastructure covered under their contract. We help by:
1. Carrying out routine backup audits and reporting the results back to the client
2. Carrying out routine security audits and reporting the results back to the client
3. Offering managed antivirus software on all Windows machines
4. Reporting any data loss we detect to the client and responding within the contractual SLA (usually within 2 hours)
5. Responding to any data loss reported by the client within the contractual SLA
How are we preparing for GDPR?
We already maintain a consistent level of data protection and security across our organisation; however, our aim is to be fully compliant with the GDPR by 25 May 2018. Beyond renewing our contracts with clients, third parties and suppliers to include a GDPR clause, our preparation includes:
1. Information audit – employees at Lucidica record the personal data (PII) they handle on a daily basis, where it is kept, and how they keep it secure
2. Data protection – our CRM runs on on-premises SharePoint 2013, and only senior engineers have access to the SQL Server back end. Connections to the CRM are encrypted with SSL/TLS (this protects the data in transit, not the database at rest), and remote access is possible only over an IPsec VPN
3. Data retention and erasure – using EMS to create labels and set retention policies
4. Supplier transfers – checking the GDPR compliance of our suppliers, and being transparent with data subjects about where their data is kept
5. Subject access requests – double verification of the requester's identity for SARs; once confirmed, we respond within the GDPR deadline of one month, in a reasonable format
6. Transfer of sensitive data – using EMS to send encrypted e-mails, and creating policies that apply document and e-mail expiry
7. Employee training – training internal staff; two members of staff hold GDPR certifications
8. Mobile management – using EMS to manage mobile devices so that they meet prerequisite security checks before accessing our systems, and to allow remote wipe
9. Consent – obtaining specific consent when a data subject signs up to our newsletter on our website, and offering a clear opt-out on all e-mail marketing
10. Client policies – reviewing, or creating, a client data policy covering the retention and destruction of computer equipment
GDPR Roles and Employees
As a contract client, your first point of contact for data privacy queries should be your account engineer. Our data privacy officers are Emma Savory (firstname.lastname@example.org) and Yugansh Sharma (email@example.com).
Lucidica can offer a practical approach to GDPR by reviewing your processes and policies and offering advice for a fixed fee, at the consultation rate stated in your contract.
If you need any assistance, please contact us