Typetec

GDPR & You – The Countdown to GDPR

On November 23rd Typetec are hosting an event, “The Countdown to GDPR”, in the Clarion Hotel Liffey Valley at 1:30PM. This event will cover what GDPR is from an IT, legal and governance angle, with easily accessible and informative speakers on the day. Register now here.

Overview:

If there is one thing that is clear in relation to GDPR, it is that there is little clarity in relation to the exactitudes of the regulations. If we consider that all the member states of the EU needed to agree on the regulation, and look at their previous record on drafting regulations, we begin to understand the chaos.

Notwithstanding that – it becomes law in May 2018!

Meeting with the DPO:

As an organisation, Typetec are subject to the same confusion surrounding GDPR as everyone. To reduce the noise and clarify our position and ability to advise our clients, Typetec, as one of Ireland’s leading MSPs, sought consultation with The Office of The Data Protection Commissioner. This was designed to help us understand the ramifications of GDPR and to aid us in disseminating the information to our clients.

We had a very productive meeting where we sought to bring clarity to the regulations and the areas we were concerned about on behalf of ourselves and our customers. Some of the more pertinent points of the regulations are defined in just one or two lines with no clarification on the finer points. Without specific details, regulations are hard to implement and even harder to enforce, never mind the ambiguity for the end user.

Probably the biggest change between our existing regulations and the incoming one is the possibility of fines. From the 25th of May 2018, the DPC will no longer have local discretion in relation to breaches. It will be bound by the new laws. That being said, we don’t believe that you should panic just yet. We do foresee €0 fines where companies have taken all necessary steps in preventing a data breach. So the emphasis has to be on your security and policies regarding data.

As businesses, our data and the business decisions we base on it are vitally important, and we must not see GDPR as a case of Data Prevention but one of Data Protection. Ideally it should be seen as an opportunity to redefine and streamline the data we collect and process.

Data Controller vs Data Processor

The Data Controller is the entity that collects the personal data in the first place. They must exercise control over the processing and are ultimately responsible for the data protection. The Data Processor processes the data on behalf of the Data Controller and only ever under their instruction.

GDPR – The Common-sense Approach

As a company, there are several areas that, if addressed, will go a long way towards becoming GDPR compliant, even if we are still not 100% certain what GDPR compliance looks like, as that may be some way off yet.

  • Demonstrate that as a company GDPR is on your agenda. Non-participation is just not an option.
  • Focus your efforts on securing your data and overall IT infrastructure.
  • Have a data policy that clearly explains what data you collect, how long you retain it for and the benefits to your users / clients from you collecting and retaining this data.
  • Have a legitimate requirement for the data you collect.
  • Assess the data you collect – there is a wide-ranging practice of collecting much more data than your business requires. Streamlining this can aid your GDPR compliance and possibly reduce data costs.
  • Put procedures in place to reduce / mitigate the following:
    • Data breaches – under GDPR you will have 72 hours to notify affected users post discovery.
    • Data Leakage – put controls in place and educate your users, ensuring that data is only shared with the intended recipient or trusted 3rd parties (data processors).
    • Data Theft – control who has access to the data and how it is accessed.
  • Have a defined procedure to deal with data access requests. You will have 30 days to comply and can no longer charge the end user for the request.

If you have any questions please don’t hesitate to contact us, give us a call or drop us a mail to GDPR@typetec.ie. We are all on the GDPR journey together and look forward to seeing you on November 23rd at The Countdown to GDPR.