How do you know if it is GDPR compliant?

How do you know if it is GDPR compliant?

Written by John Dray

Done for You | GDPR

8th January 2020

The biggest lie in the IT industry at the moment is that a particular service or product is GDPR compliant.

Let that sink in.

There are lots of companies promoting services as GDPR compliant and they are all lying!

Obviously, that is a claim that takes a bit of examination.

Timj Vrv nZHaFTc unsplash

Here is a really simple example

So, you have an amazing database and it has special fields for storing passwords and social security/national insurance data. The data is encrypted within the database and adheres to the greatest possible standards.

Hurrah! You have software that is GDPR compliant.

However, you have a member of staff who finds that a bit of a faff. Instead, they store the data in the clear text, unencrypted ‘comments’ field.

Worse than that, they have to copy that data into another system. They find it easiest to store the name and National Insurance number in notepad. They save it. Now you have a name and National Insurance number together on their computer in unencrypted form on the laptop they use at work.

The hard disk is not encrypted.

They leave the laptop on the bus on the way home.

Shortly afterwards the person whose data was stored on the laptop has their data abused.

So your software that was GDPR compliant did not prevent the data breach and the ensuing maelstrom of Information Commissioner’s Office investigation, bad publicity, loss of reputation and court cases.

What can I do about GDPR?

I would love to say that such occurrences are uncommon, but I have visited a lot of organisations in my career and seen similar abuses of data.

Being GDPR compliant is not about software, or a system, it is about enforced policies and procedures. It is about education and culture within an organisation. This takes effort… but to minimise the effort it is best to ask an expert.

For GDPR consultancy and advice, I always head over to Chris Roberts of Cybata. What he doesn’t know about GDPR isn’t worth knowing. Better still, he is able to explain it in simple, common-sense ways. Thanks for all your support, Chris! Here is the Cybata website address: https://cybata.co.uk

You May Also Like…

Processing...
Thank you! Your subscription has been confirmed. You'll hear from us soon.
Keep up to date
ErrorHere