With just 2 months to go until the EU General Data Protection Regulation (GDPR) compliance deadline of 25th May 2018, I thought I might touch on an interesting aspect of GDPR - that of ‘demonstrating compliance’.
Now to be clear, we're not talking about the 7th Principle of GDPR here, which is all about accountability and liability and focuses on organisations being able to demonstrate to the governing bodies that they have “taken the necessary steps comparable to the risk their data subjects face.”
No, what I’m talking about here is how, for example, RiskSTOP can demonstrate to YOU today that we are GDPR compliant.
In many respects, this is not as easy as complying with the 7th principle. It isn’t easy because there is, as yet, no certification scheme in the UK that allows organisations to open themselves up to audit and then show they have everything in place to be GDPR compliant. At RiskSTOP we are ISO 27001 Information Security Systems Certified, but as we all know, that’s not the same as GDPR!
If you’ve seen claims by organisations that they are GDPR “accredited” or “certified” in any way, steer clear. There is really no such thing.
At RiskSTOP, several of our major clients have already asked us to demonstrate our GDPR compliance, ahead of the deadline. As anyone who has faced the same will tell you, it can be an in-depth process.
And so it should be. Data sensitivity and security are hugely important.
However, for the benefit of our wider audience and customer base we’ve also taken a further step online by briefly explaining on our websites (RiskSTOP and RebuildCostASSESSMENT.com) all of the steps we've taken to ensure compliance.
You can read the 7 steps we’ve taken to comply with GDPR here.
As we have seen in the news recently, it is vital that data is processed lawfully, fairly, appropriately, accurately and securely. In the absence of any legitimate GDPR certification scheme, isn’t it now important for all organisations, big or small, to take some steps to very simply, succinctly and credibly highlight their approach to GDPR compliance?
You have until 25th May!
Managing Director, RiskSTOP Group