Actions speak louder than words, and the same can be said for GDPR. It’s not enough to simply say that you’re compliant with the Data Protection Act updates. The challenge is showing that you’re compliant and that you are able to manage it on an ongoing basis.
We’ve put together a simple approach to GDPR that will allow you to easily demonstrate that you can be trusted and are on the path to GDPR success.
We have boiled this down into 2 areas – the checklist from the Information Commissioner’s Office (ICO) and the way you plan to evidence your responses.
The ICO’s data protection self-assessment is a set of 7 checklists which ask you 120 questions about how you currently manage personal data. They cover questions for data controllers and processors, information security, direct marketing, records management, data sharing and subject access, and CCTV.
Once you have completed this self-assessment, it’s important to pause and prioritise the work required, as well as look at your budget and the resources you have. Your priorities will be based on the biggest and most obvious threats and/or issues you face, e.g. powerful stakeholder demands.
You will then want to think about how you are going to answer and evidence the 120 questions in the GDPR self-assessment. We suggest breaking these down into 8 areas where work needs to get done, both in terms of implementing now and then easily sustaining and improving in future.
Capture and document the information you hold in accordance with the records processing requirement, from both the controller and processor role perspective.
Assess risks and identify potential ways of protecting information and ensuring individuals’ rights to privacy are upheld.
Describe the policies and controls along with other safeguards. You can use the ICO checklist again here, as it’s a great way of seeing where they expect you to have coverage.
Demonstrate that it works in practice: your operational data processing systems, staff, supply chain, and other interested parties should all be able to show understanding and compliance.
Monitor, review, audit and improve the whole system over time to deliver the commitment to privacy and information security that the ICO is expecting.
Go back and review all of the ICO checklist questions and best practice guidance. This will give you a basis to demonstrate that you have considered each area of the GDPR.
We’ve created the following video for our customers that details how you can use the ISMS.online platform to create a quick gap analysis, follow the ICO steps to achieving GDPR compliance, and successfully manage it for the years to come.